The EDPB has published a report on the conclusions of its first annual coordinated action focused on the use of cloud by public authorities. The report proposes a series of recommendations for data controllers using cloud services. The GBA provides commentary at national level.
In February 2022, the GBA had decided to participate in the EDPB’s first annual Concerted Action . A total of 22 national supervisory authorities in the EEA had responded and initiated actions to this effect. The GBA had collected information via a questionnaire from ICT service providers for government agencies on the one hand and government agencies that process large amounts of health data on the other.
The responses from the public authorities involved in this action in Belgium have been used to prepare a national report, which is annexed to the report published by the EDPB.
The GBA points out the importance of, among other things:
- consulting the data protection officer (DPO) before choosing a cloud service provider;
- conducting an Impact Assessment (IA) before using cloud services;
- including detailed data protection requirements in calls for tenders and public tenders.
To complete this awareness campaign, the GBA has sent a table of comments to the Belgian authorities surveyed based on their specific answers, allowing them to carry out a self-assessment and take the necessary measures to bring the use of cloud services into compliance with the requirements in the field of data protection.
The EDPB’s next annual coordinated action will focus on the designation and role of the Data Protection Officer . The GBA, for which the DPO is one of the priorities for 2023, is already planning to participate.