Data Protection

Cloud Privacy Check: Data Protection Compliance Requirements for Cloud Customers when moving into a Cloud Environment

03 Feb 2017

2 min read

The Data Privacy Compliance Cloud Privacy Check (CPC/DPC) is an initiative by a group of 44 lawyers from 32 different countries. The project aims to clarify the requirements under the increasingly complex European Data Protection laws which may vary between Member States. The CPC/DPC also makes it possible to compare and extract the differences between every Member State’s data privacy requirements. The CPC/DPC also includes country by country reports.

The Cloud Privacy Check process is simple and straightforward: the check is made up of four steps which outline certain requirements depending on the answer to the questions. The questions posed are the following:

  1. Does the transaction include any personally identifiable information?
  2. Does a third party involved in the setup of the cloud process have access to personal data?
  3. Does the data leave the jurisdiction of the customer?
  4. Is the cloud provider using subcontractors in the setup?

In the first two questions of the Cloud Privacy Check it can be ascertained whether the setup in question leads to any data protection obligations. In questions three and four, the compliance obligations will be outlined.

Miroslav Chlipala, one of the lawyers who contributed to this project, commented on the incoming General Data Protection Regulation, which will change the current data privacy requirements: “We will integrate the new European Data Protection Regulation, answer the most common questions asked by companies, and continue to inform about the most important topics comprehensibly and free of charge.”

The Cloud Privacy Check can be found here.

For further information about how GVZH Advocates can help you with your data protection legal requirements, kindly contact us here.