Cloud computing under GDPR: What issues are brought by Article 28?



Description: Cloud computing is not a novel technology, yet we struggle when we try to regulate it. One example is Article 28 of the General Data Protection Regulation (GDPR). While the new legislation builds upon experience with the shortcomings of the previous Data Protection Directive, it brings new issues and keeps some of the old problems. The presented paper focuses on the impact of the new legislation on contracts between cloud customers and providers. Firstly, the roles of cloud customers and cloud providers under GDPR will be described. Secondly, Article 28 will be analyzed, with a focus on international data transfer rules, data security and audit rights, pointing out the issues for cloud contracts. International data transfers will be discussed in light of the newly adopted US CLOUD Act. Concerning data security, the vagueness of the legal requirements will be discussed as an issue. In relation to audit rights, the topic will be the weak relation between Article 28 and the new certification schemes brought by GDPR. Thirdly, recommendations on how the legislation can be applied in a pragmatic manner by the data protection authorities will be presented.
