The first Coordinated Enforcement Action under the auspices of the European Data Protection Board (EDPB) has begun in the Slovak Republic this week. The Office for Personal Data Protection of the Slovak Republic, together with 21 other supervisory authorities in the European Economic Area (hereinafter referred to as the EEA), will be involved in the joint mapping of use of cloud-based services by the public sector.
This action is the result of the EDPB's decision of October 2020 to establish a Coordinated Enforcement Framework (CEF). The initiative aims to streamline enforcement and cooperation among Supervisory Authorities.
According to EuroStat, the cloud uptake by enterprises doubled across the EU in the last 6 years. The COVID-19 pandemic has sparked a digital transformation of organisations, with many public sector organisations turning to cloud technology. However, in doing so, public bodies at national and EU level may face difficulties in obtaining Information and Communication Technology products and services that comply with EU data protection rules. Through coordinated guidance and action, the SAs aim to foster best practices and thereby ensure the adequate protection of personal data.
Over 75 public bodies in total will be addressed across the EEA, including EU institutions, covering a wide range of sectors (such as health, finance, tax, education, central buyers or providers of IT services). Building on common preparatory work by all participating SAs, the CEF will be implemented at national level in one or several of the following ways: fact-finding exercise; questionnaire to identify if a formal investigation is warranted; commencement of a formal investigation; follow-up of ongoing formal investigations. In particular, SAs will explore public bodies’ challenges with GDPR compliance when using cloud-based services, including the process and safeguards implemented when acquiring cloud services, challenges related to international transfers, and provisions governing the controller-processor relationship.
You can find out more about the coordinated action on the EDPB via this link: Launch of coordinated enforcement on use of cloud by public sector | European Data Protection Board (europa.eu)