Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. More specifically, the Datatilsynet noted that the guide contains, among other things, the following:
- instructions on how to assess data processors, the requirements that should be requested of them, and how to ensure processing takes place in accordance with set instructions;
- a section addressing data transfers to third countries and particularly the US; and
- practical questions data controllers intending to use cloud services may ask themselves.
Furthermore, the Datatilsynet noted that it is also setting up an expert working group, focused on assessing the challenges of current cloud services in light of the latest legal developments and developing measures that can ensure the responsible and lawful use of cloud services.
Notably, the Datatilsynet highlighted that any interested parties with input on the guide may send such communications across to the Datatilsynet via email to [email protected].