Data Processing and Maintenance in Different Jurisdictions When Using a SaaS Solution in a Public Sector Organisation
Keywords:SaaS, lock-in, Microsoft 365, public procurement , contract terms , GDPR , case study
Many public sector organisations (PSO) use SaaS solutions from dominant global providers. Implementation of these solutions may raise issues concerning both lawful data processing, and the obligations that those PSOs have to maintain their digital assets. One example is a large Swedish PSO which addressed these issues as part of the adoption and implementation of Microsoft 365. The study identifies challenges and presents an analysis of the organisational implementation of that SaaS solution, exposing legal issues that arose in that context. Findings show an absence of a documented risk analysis related to the PSO's use of that SaaS solution, covering data processing and maintenance of its digital assets. Recommendations are presented to facilitate a PSO's procurement and implementation of such a SaaS solution to address issues around data processing and the processing of digital assets.
How to Cite
Copyright (c) 2022 Björn Lundell, Jonas Gamalielsson, Andrew Katz, Mathias Lindroth
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
JeDEM is a peer-reviewed, open-access journal (ISSN: 2075-9517). All journal content, except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Austria (CC BY 3.0) License.