Recently the Article 29 Data Protection Working Party, (which is made up of representatives of the 28 data protection authorities in the EU), gave a 'thumbs up' to Microsoft's Cloud Solutions as being adequate for EU data protection laws.
In general, wherever a business that is a data controller in the EU outsources personal data to a third party provider, an assessment has to be made as to whether or not that third party provider has adequate contractual and information security controls to keep the personal data secure.
Many third party providers are either Safe Harbor certified or offer to enter into EU model contracts between data controller and data processor.
In our experience, Safe Harbor on its own is not a sufficient solution to provide full compliance and it is for this reason that data protection authorities have taken a keen interest in the standards of Cloud providers.
In providing their opinion on Microsoft's Cloud Solutions, the Article 29 Data Protection Working Party has limited its approval to Microsoft Azure, Office 365, Microsoft Dynamics CRM and Windows Intune.
Whilst opinions of the Article 29 Data Protection Working Party are not binding on member states they are an extremely useful tool and we can expect other Cloud providers to follow Microsoft in seeking a seal of approval in the EU.
This article was written by Robert Bond.
For more information please contact Robert on +44 (0)20 7427 6660 or email@example.com.