The European Data Protection Board (EDPB) has launched the first coordinated enforcement action pursuant to which 22 national supervisory authorities across the EEA (including the EDPS) will launch investigations into the use of cloud-based services by the public sector. Over 75 public bodies in total will be addressed across the EEA, including EU institutions, covering a wide range of sectors (such as health, finance, tax, education, central buyers or providers of IT services). In particular, Supervisory Authorities will explore public bodies’ challenges with GDPR compliance when using cloud-based services, including the process and safeguards implemented when acquiring cloud services, challenges related to international transfers, and provisions governing the controller-processor relationship. The EDPB will publish a report on the outcome of this analysis before the end of 2022.
Continue reading the related EDPB press release here