INFORMATION SECURITY PORTAL
The Swedish Social Insurance Agency have made an analysis of the use of cloud services, e.g. risks and how to move forward.
The guide is for companies and what to think about/what needs to be handled regarding their business and GDPR. The guide is in Swedish.
The European Union is also supplying a guide/checklist for GDPR which is in English.
Due to the information leakage that occurred in connection with the outsourcing of IT operations at the Swedish Transport Agency, SKR (Sweden's Municipalities and Regions) has produced information in support of municipalities and regions regarding outsourcing.
Synch Advokat AB has written a memorandum on the Cloud Act in order to explain and clarify the meaning and consequences of the same. The memorandum was written at the request of the American Chamber of Commerce in Sweden (“AmCham”) 14thof June 2019.
SKR (Sweden's Municipalities and Regions) has developed guidelines that help municipalities and regions analyze issues of law and security for cloud services.
To decide whether your organization should use cloud services, you need to analyze a number of aspects. This is to ensure that the cloud service is suitable for the business and the information to be managed. What needs to be analyzed is the legal conditions and security of the information.
The concepts of controller, joint controller and processor play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for their correct interpretation must be sufficiently clear and consistent throughout the European Economic Area (EEA). These are guidelines (version 1.0) from European Data protection Board (edpb), adopted on 02 September 2020.
The guidance from eSam will provide legal support for confidentiality and data protection considerations that an authority must make prior to a planned outsourcing. The guidance shall also provide information on appropriate measures to ensure the correct handling of the information and information systems affected by outsourcing.
It touches on global cloud services and addresses issues of IT agreements and explains new rules on information security. The content is based on the reports and studies mentioned in the guidance and on statements in the legislative matters where legal issues of the type in question have been considered. The information is in Swedish.