The Danish data protection authority has published a new guide on the use of cloud services, together with a brief overview of FAQs . The new guide is aimed at data controllers and highlights aspects to keep in mind when using cloud services. Datatilsynet points out the potential risks and opportunities, as well as the obligations for controllers to meet when using cloud solutions. The guide includes, among others:
- instructions for the verification of cloud processors, what should be required of them and how to ensure that the processing is carried out in accordance with the instructions of the controllers,
- a chapter on data transfers to third countries, in particular to the USA, and
- answers to practical questions asked by controllers of data processed in the cloud.
Datatilsynet is also setting up an expert working group that will focus on assessing the challenges of current cloud services in light of recent legal developments and develop measures to ensure the legal and secure use of cloud services.