- The 2019 activity report of the Data Protection Officer of the Canton of Zurich is the 25th and last under Bruno Baeriswyl.
- Bruno Baeriswyl resigns; Dr. Dominika Blonski takes over the office on 1 May 2020.
- Focus: Use of cloud structures with reference to DPO information sheet and guidelines.
- Outsourcing to foreign cloud providers is not generally excluded; risk analysis and protective measures are required.
The Data Protection Commissioner (DPO) of the Canton of Zurich has published his 2019 activity report. It is the 25th and last activity report under the aegis of the unfortunately retiring commissioner Bruno Baeriswyl (Media release). His office will be taken over as of May 1, 2020 by Dr. Dominika Blonski, the current head of the DPO’s Legal and Information Security Department.
One of the main topics of the activity report (PDF) is the use of cloud structures. Reference should be made here to the relevant documents of the DPO, especially the Leaflet Cloud Computing, the Edit to order guide and the Guideline Special Data Protection Aspects of Cloud Use. A Outsourcing to foreign cloud providers is therein not generally excluded; rather, the outsourcing public body must conduct a risk analysis and take appropriate technical and organizational protective measures, which is illustrated as follows:
