The EDPB provides for further guidance on the use of cloud solutions in line with the GDPR

In just a few years, the use of cloud services has increased significantly. This is not without risk from a data protection perspective. Private and public sector actors need to pay particular attention to the choice of their hyper-scale Cloud Service Provider (CSP) especially if they belong to a group outside the EU/EEA

In their recent article published in the March edition of Agefi, Vincent Wellens and Antoine Pétronin summarise the main takeaways provided by the EDPB on the use of cloud solutions in line with the GDPR.

Source: Agefi – March 2023

See files
The EDPB provides for further guidance on the use of cloud solutions in line with the GDPR - Agefi - March 2023

Blog

11.04.2024
Counting down to DORA – governance of ICT risks and board member responsibility
Blog

14.03.2024
ICT services: comparison of the ESMA and EBA outsourcing guidelines and DORA
Corporate news

07.03.2024
NautaDutilh intensifies AI collaboration with Fledger
Update

06.03.2024
DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance
Corporate news

28.02.2024
NautaDutilh IP team maintains strong standing in WTR 1000 2024
Blog

15.02.2024
Counting down to DORA – Mapping and classification of ICT services
Update

09.02.2024
Privacy & data in the Benelux: five things you need to know in 2024
Update

25.01.2024
Benelux Competition Law in 2024: five things you need to know
Update

24.01.2024
Technology and the law in 2024: five things you need to know
Blog

17.01.2024
Counting down to DORA – three key aspects
Update

15.01.2024
Strict liability regime in case of enforcement of invalid IP rights can be 'appropriate'
Update

11.12.2023
EU AI Act: three key insights on the world's first comprehensive AI law
Publication

30.11.2023
The Chambers Technology & Outsourcing guide 2023
Update

30.11.2023
Q&AI: What financial institutions need to consider when using AI
Publication

22.11.2023
The Foreign Direct Investment Regimes Guide 2024
Update

18.10.2023
Life Sciences challenges and opportunities in Europe and the USA: key insights
Update

23.08.2023
Luxembourg FDI screening mechanism enters into force
Update

21.08.2023
A new era in patent litigation: five things to know about the start of the UPC
Update

21.08.2023
Update Luxembourg law on business licenses: three key insights
Update

08.08.2023
Third parties can intervene in BDPA proceedings and appeal its decisions
Update

24.07.2023
The twin transition of the financial sector: eight key insights
Update

21.07.2023
The law on the use of digital tools and processes in company law in force in Luxembourg
Publication

21.07.2023
The competition dynamics in relation to cloud services
Deal or Case news

18.07.2023
NautaDutilh assists founding shareholders of Route Mobile in selling majority stake to Proximus
Update

14.07.2023
Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows
Publication

27.06.2023
NautaDutilh writes Netherlands chapter of the Global Legal Insights on AI, Machine Learning and Big Data 2023
Corporate news

22.06.2023
NautaDutilh named Benelux Trademark Firm of the Year at the 2023 Managing IP Awards
Update

19.06.2023
The law on the use of digital tools and processes in company law
Update

15.06.2023
Luxembourg: introduction of national FDI screening mechanism
Publication

02.06.2023
Upcoming EU legislation on artificial intelligence
Corporate news

01.05.2023
NautaDutilh Luxembourg ranked in Chambers FinTech 2023
Publication

14.04.2023
Best practices for drafting and updating data protection notices
Deal or Case news

13.04.2023
NautaDutilh assists Bluestar Alliance in Scotch & Soda acquisition
Update

28.03.2023
EU Foreign Subsidies Regulation (FSR): five things you need to know
Update

21.03.2023
Using ChatGPT and other generative AI tools: risks and challenges
Update

03.03.2023
Benelux Competition Law in 2023: five things you need to know
Update

27.02.2023
Data Protection in Belgium: the 2023 focus of the BDPA
Update

13.02.2023
The end-user and its avatar - data integrity risks and ethical challenges in the metaverse - Part one
Publication

03.02.2023
NautaDutilh contributes to IAPP's Global Legislative Predictions 2023
Update

26.01.2023
Online platforms and search engines to publish average monthly active recipients (AMARs) in EU by 17 February 2023
Update

20.01.2023
Benelux Technology Law in 2023: five things you need to know
Update

28.12.2022
CJEU decision extending the scope of article 5(1) of the Damages Directive
Update

21.12.2022
UPC update: extension Sunrise Period, judicial appointments and more
Publication

15.12.2022
GDPR & AML: no longer public access to UBO data without legitimate interest
Update

30.11.2022
A low degree of similarity?
Update

28.11.2022
No longer public access to UBO data without legitimate interest
Update

22.11.2022
Digital Markets Regulation: now a reality in the EU
Update

21.11.2022
DORA: the forthcoming EU legal framework on Digital Operational Resilience in the financial sector
Publication

27.10.2022
Vincent Wellens on FATCA in the Paperjam
Publication

24.10.2022
DORA the EU Regulation
Publication

12.10.2022
NautaDutilh contributes to Technology Disputes Guide by Lexology
Update

11.10.2022
The Unified Patent Court: five things you need to know
Publication

22.08.2022
Privacy and security concerns in the metaverse
Update

03.08.2022
Paying a tribute is not dishonest
Publication

13.07.2022
Luxembourg first member state to launch a certification mechanism under the GDPR
Publication

28.06.2022
European Data Protection Board harmonises EU fining guidelines
Update

14.06.2022
New GDPR guidelines on fines on the way
Update

07.06.2022
Data protection impact assessments new EDPS recommendations
Update

03.06.2022
Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?
Update

26.04.2022
Revamped CSSF outsourcing guidance for the financial sector
Corporate news

25.04.2022
20 years of NautaDutilh Luxembourg
Update

28.03.2022
Public procurement in 2022: five things you need to know
Corporate news

01.03.2022
NautaDutilh's Benelux IP-team stands out in WTR1000 2022
Update

09.02.2022
Technology & the law in 2022: five things you need to know
Corporate news

28.01.2022
Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022
Update

27.01.2022
Benelux Data Law: five things you need to know in 2023
Update

11.01.2022
Luxembourg IP & Technology Law: five things you need to know
Publication

15.12.2021
Data Protection notices after the Whatsapp case: what's the message?
Corporate news

14.12.2021
NautaDutilh Luxembourg ranked in Chambers FinTech 2022
Deal or Case news

29.11.2021
NautaDutilh assists shareholders of Mepal in investment by 3i
Update

25.11.2021
Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?
Update

26.10.2021
Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors
Update

15.10.2021
New rules on material IT outsourcing in the financial sector
Publication

17.09.2021
NautaDutilh contributes to Technology Disputes Guide by Lexology
Update

17.08.2021
NautaDutilh contributes to digitalization series by EACCNY
Publication

19.07.2021
Long-awaited clarity on required safeguards for international data transfers
Corporate news

02.07.2021
NautaDutilh's IP & Tech Law team recognised by Leaders League
Update

17.06.2021
Belgian DPA: fines prohibited in the absence of a prior order to comply?
Update

15.06.2021
The CNPD Publishes Several Decisions Following Investigations
Update

07.06.2021
Europe proposes first-ever statutory framework for AI
Update

12.05.2021
Lindsay Korytko in Silicon Luxembourg on IP and contractual protection of APIs in the EU
Update

29.04.2021
Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere
Update

15.04.2021
Regulatory changes in the audiovisual media sector
Corporate news

01.04.2021
NautaDutilh wins Benelux Firm of the Year – Trademark Award at the Managing IP Awards
Corporate news

26.03.2021
NautaDutilh participates to Brexit and Covid legal update webinar
Corporate news

18.03.2021
NautaDutilh strengthens position as leading Benelux firm in Chambers 2021 rankings
Update

17.03.2021
New law brings Luxembourg to the forefront of distributed ledger technology
Corporate news

01.03.2021
NautaDutilh organises public procurement webinar
Update

15.02.2021
The Sky Is Not the Limit: Space Activities in Luxembourg
Publication

20.01.2021
New European Cloud Outsourcing Requirements for Fund Managers
Update

21.12.2020
Adoption of New Secondment Act
Update

02.12.2020
(Alleged) data protection infringement? Say bye-bye to your .be domain name
Update

18.11.2020
Personal data transfers to the UK: Last weeks to prepare for an increasing likely «no-deal» Brexit
Update

17.11.2020
Understanding the new agreement on teleworking
Update

17.11.2020
New Belgian DPA decision: employee consent sometimes works
Update

12.11.2020
Finally some practical EDPB guidance on how to make international data transfers lawful
Publication

05.11.2020
ICLG - Cartels & Leniency 2021 Luxembourg Chapter
Update

13.10.2020
The Court of Justice of the EU clarifies the assessment of position marks for services
Publication

12.10.2020
How to use your intellectual property as collateral for a loan
Update

07.10.2020
What to do with ex-employee mailboxes? Belgian DPA fines post-dismissal use of e-mails
Update

14.09.2020
New controller-processor guidelines: beware of impact on data processing agreements
Update

14.08.2020
Benelux Regulators to Apply EIOPA Guidelines on Outsourcing to Cloud Service Providers by Insurance and Reinsurance Undertakings
Update

03.08.2020
New Belgian DPA decision: broader "controller" concept & extensive access rights?
Update

30.07.2020
Luxembourg law on e-signature and other trust e-services now fully consistent with the eIDAS Regulation
Update

16.07.2020
Schrems II: What is (or should be) on your to-do list for international data transfers?
Update

14.07.2020
What does the new Google decision by the Belgian DPA mean for other organisations?
Publication

02.07.2020
Doing Business in Luxembourg - 2020
Update

23.06.2020
Surveys, transparency and DPIAs: tips from the Belgian DPA
Update

12.06.2020
CJEU rules that free samples of OTC medicinal products can be provided to pharmacists
Update

10.06.2020
Belgium: new data protection decisions on complaints by opponents – next, competitors?
Update

25.05.2020
Belgium: what has GDPR year 2 taught us, and what will come next?
Update

20.05.2020
Belgium: two new fines for tell-a-friend and health-related GDPR violations
Publication

19.05.2020
GDPR: some organisations may need a new DPO according to the Belgian Data Protection Authority
Corporate news

04.05.2020
NautaDutilh Avocats Luxembourg hosts webinar "Manage a company remotely in compliance with Luxembourg law"
Update

09.04.2020
Freshly baked cookie guidance from Belgian Data Protection Authority
Update

06.04.2020
CJEU renders important decision on the liability of online platforms in trade mark infringement cases
Update

02.04.2020
EU Copyright: lending out vehicles with radio receivers is not a “communication to the public”
Corporate news

01.04.2020
NautaDutilh Appoints Antoine Laniez Litigation & Arbitration Partner
Publication

19.03.2020
EIOPA Guidelines on outsourcing to cloud service providers by insurance and reinsurance undertakings
Update

17.03.2020
COVID-19 & homeworking: how will we sign documents now?
Publication

17.03.2020
What legal framework for your APIs in the financial sector?
Update

20.02.2020
Artificial Intelligence White Paper: what are the practical implications?
Publication

17.02.2020
The Belgian data protection authority issues guidance on the processing of personal data for direct marketing purposes
Update

11.02.2020
Want to reach your customers or prospects? Important new direct marketing guidance in Belgium
Publication

23.01.2020
Cookies are to be consumed with moderation certainly in the Christmas period
Update

07.01.2020
Clarity on territoriality?

Related articles

Counting down to DORA – governance of ICT risks and board member responsibility

ICT services: comparison of the ESMA and EBA outsourcing guidelines and DORA

NautaDutilh intensifies AI collaboration with Fledger

DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance

NautaDutilh IP team maintains strong standing in WTR 1000 2024

Counting down to DORA – Mapping and classification of ICT services

Privacy & data in the Benelux: five things you need to know in 2024

Benelux Competition Law in 2024: five things you need to know

Technology and the law in 2024: five things you need to know

Counting down to DORA – three key aspects

Strict liability regime in case of enforcement of invalid IP rights can be 'appropriate'

EU AI Act: three key insights on the world's first comprehensive AI law

The Chambers Technology & Outsourcing guide 2023

Q&AI: What financial institutions need to consider when using AI

The Foreign Direct Investment Regimes Guide 2024

Life Sciences challenges and opportunities in Europe and the USA: key insights

Luxembourg FDI screening mechanism enters into force

A new era in patent litigation: five things to know about the start of the UPC

Update Luxembourg law on business licenses: three key insights

Third parties can intervene in BDPA proceedings and appeal its decisions

The twin transition of the financial sector: eight key insights

The law on the use of digital tools and processes in company law in force in Luxembourg

The competition dynamics in relation to cloud services

NautaDutilh assists founding shareholders of Route Mobile in selling majority stake to Proximus

Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows

NautaDutilh writes Netherlands chapter of the Global Legal Insights on AI, Machine Learning and Big Data 2023

NautaDutilh named Benelux Trademark Firm of the Year at the 2023 Managing IP Awards

The law on the use of digital tools and processes in company law

Luxembourg: introduction of national FDI screening mechanism

Upcoming EU legislation on artificial intelligence

NautaDutilh Luxembourg ranked in Chambers FinTech 2023

Best practices for drafting and updating data protection notices

NautaDutilh assists Bluestar Alliance in Scotch & Soda acquisition

EU Foreign Subsidies Regulation (FSR): five things you need to know

Using ChatGPT and other generative AI tools: risks and challenges

Benelux Competition Law in 2023: five things you need to know

Data Protection in Belgium: the 2023 focus of the BDPA

The end-user and its avatar - data integrity risks and ethical challenges in the metaverse - Part one

NautaDutilh contributes to IAPP's Global Legislative Predictions 2023

Online platforms and search engines to publish average monthly active recipients (AMARs) in EU by 17 February 2023

Benelux Technology Law in 2023: five things you need to know

CJEU decision extending the scope of article 5(1) of the Damages Directive

UPC update: extension Sunrise Period, judicial appointments and more

GDPR & AML: no longer public access to UBO data without legitimate interest

A low degree of similarity?

No longer public access to UBO data without legitimate interest

Digital Markets Regulation: now a reality in the EU

DORA: the forthcoming EU legal framework on Digital Operational Resilience in the financial sector

Vincent Wellens on FATCA in the Paperjam

DORA the EU Regulation

NautaDutilh contributes to Technology Disputes Guide by Lexology

The Unified Patent Court: five things you need to know

Privacy and security concerns in the metaverse

Paying a tribute is not dishonest

Luxembourg first member state to launch a certification mechanism under the GDPR

European Data Protection Board harmonises EU fining guidelines

New GDPR guidelines on fines on the way

Data protection impact assessments new EDPS recommendations

Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?

Revamped CSSF outsourcing guidance for the financial sector

20 years of NautaDutilh Luxembourg

Public procurement in 2022: five things you need to know

NautaDutilh's Benelux IP-team stands out in WTR1000 2022

Technology & the law in 2022: five things you need to know

Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022

Benelux Data Law: five things you need to know in 2023

Luxembourg IP & Technology Law: five things you need to know

Data Protection notices after the Whatsapp case: what's the message?

NautaDutilh Luxembourg ranked in Chambers FinTech 2022

NautaDutilh assists shareholders of Mepal in investment by 3i

Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?

Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors

New rules on material IT outsourcing in the financial sector

NautaDutilh contributes to Technology Disputes Guide by Lexology

NautaDutilh contributes to digitalization series by EACCNY

Long-awaited clarity on required safeguards for international data transfers

NautaDutilh's IP & Tech Law team recognised by Leaders League

Belgian DPA: fines prohibited in the absence of a prior order to comply?

The CNPD Publishes Several Decisions Following Investigations