This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud
- Previous message (by thread): [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud
- Next message (by thread): [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Maria Stafyla
mstafyla at ripe.net
Wed May 19 16:12:33 CEST 2021
Dear Martin, As part of our cloud first strategy, we have put in place policies mandating that if we decide to migrate to cloud a service that contains personal data, this data will be stored and processed in data storage locations within the EEA. When personal data is not processed outside the EEA, there is no transfer of personal data occurring. In the event that for example access to our data is required from outside the EEA (e.g. we request technical support from the cloud provider and this gets provided by technical staff outside the EEA), one of the offered under GDPR transfer mechanisms such as transfers based on an adequacy decision issued by the European Commission, Standard Contractual Clauses etc would serve as the legal basis for this transfer to take place. The most common transfer mechanism that we see being used by our service providers are the Standard Contractual Clauses and valid adequacy decisions. With regards to international transfers of personal data based on the Standard Contractual Clauses, we perform an assessment to understand what additional measures are required to be put in place on a case-to-case basis. Examples include technical (e.g. limiting access to the data that is strictly necessary for the particular case) and contractual measures (e.g. verifying the provider's transparency with regards to received orders to disclose their customer's data and how they respond to those requests). Regarding your last question, we would like to reassure you that before we migrate a service to the cloud various internal stakeholders including technical, security, legal, communications and other colleagues are consulted to advise on the matter. These analysis are meant for internal purposes. Kind regards, Maria Stafyla Senior Legal Counsel RIPE NCC
- Previous message (by thread): [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud
- Next message (by thread): [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]