Expert Outlines Personal Data Act's Cloud Provisions
PRIVACY LAW—SWEDENOctober 7, 2011
In this IAPP Europe Data Protection Digest exclusive, Jim Runsten of Bird & Bird explores how the Swedish Personal Data Act applies to the handling of personal data by cloud services. As recently as September, Runsten notes, the Data Inspectorate Board released guidance on the processing of such data. His report explores those data controller responsibilities, including verifying legality, analysing risk and vulnerability, ensuring there is a personal data processer agreement in place, establishing appropriate security measures and addressing third-country issues. "It still remains to be seen whether all of the above requirements...can realistically be achieved by service providers," Runsten writes.