Microsoft Embeds the EU's Data Transfer Rules into Office 365

Top Line: Microsoft will sign Office 365 contracts containing the EU's model data protection clauses

(PresseBox) ( Frankfurt am Main, )
In 2010, the European Commission published a set of model clauses that can be added to services contracts where the service provider remotely processes personal data (either about employees or customers) on behalf of the customer. The clauses commit the service provider - whether an outsourced, hosted or cloud service - to observing the rules of the EU Data Protection Directive.

Microsoft says it is now able to sign contracts for Office 365 that contain these model clauses - in other words, it complies with the Data Protection Directive. Microsoft also says that Office 365 complies with the US HIPAA rules that protect healthcare data.

Bottom Line for ICT Buyers:

1. If you operate in or across Europe, and you store personal data about staff or customers, you will already be aware of your responsibilities under the EU Data Protection Directive. Hosting and outsourcing service providers will almost certainly comply with its rules, but since cloud services providers are the 'new kids on the block', you will need to check that they fulfill its requirements by asking them specific questions -- in particular, if they are willing to sign contracts with the model clauses.

2. Some countries have data transfer requirements that are more stringent and the EU's transfer rules may not be enough. Microsoft says that it meets or exceeds the requirements of all EU member states. Again, you will have to ask specific questions of your cloud services vendors. It is not just U.S. vendors that should be aware of the directive: European suppliers may find themselves out of compliance if they have built their data transfer requirements for one country (e.g. the UK) and now offer them in another (e.g. Germany). Cloud services vendors from the UK in particular need to ensure that they are ready to meet the more stringent privacy requirements of other European countries.

3. A wide range of business applications (often cloud based) are becoming 'socialized' to improve collaboration and business effectiveness. This means that the personal data of employees and business partners will be captured and stored either deliberately or inadvertently by many types of applications that previously contained no personal information. You will have to be careful to ensure that this scope creep does not inadvertently affect your own compliance.
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an