Cloud computing under GDPR: What issues are brought by Article 28?

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Law. Official publication website can be found on muni.cz.
Authors

TOMÍŠEK Jan

Year of publication 2018
Type Appeared in Conference without Proceedings
MU Faculty or unit

Faculty of Law

Citation
Description Cloud computing is not a novel technology, yet we struggle when we try to regulate it. One of the examples is Article 28 of the General Data Protection Regulation (GDPR). While the new legislation builds upon experience with shortcomings of the previous Data Protection Directive, it brings new issues and keeps some of the old problems. Presented paper focuses on the impact of the new legislation on contracts between cloud customers and providers. Firstly, the roles of cloud customers and cloud providers under GDPR will be described. Secondly, the Article 28 will be analyzed, with focus on international data transfer rules, data security and audit rights, pointing out the issues for cloud contracts. International data transfers will be discussed in the light of the newly adopted US CLOUD Act. Concerning data security, the vagueness of the legal requirements will be discussed as an issue. In relation to audit rights, the topic will be the weak relation between the Article 28 and the new certification schemes brought by GDRP. Thirdly, recommendations how to apply the legislation in pragmatic manner by the data protection authorities will be presented.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info