​85 institutions and authorities will transfer their IT systems and electronic government services to the private government cloud, an IT platform that will house the IT systems of central government institutions, according to the draft Government Decree. Ministries such as the Ministry of the Interior (MAI), the Ministry of Foreign Affairs (MAE) or the Ministry of Defense (MApN) are currently missing from the list, as well as key authorities such as the Telecommunications Ombudsman (ANCOM).

Public private cloud, the largest digitization investment in PNRR, almost 600 million eurosit is an IT platform that will be managed Authority for Digitization of Romania (ADR) in cooperation with the DPS and the Research Institute.

• Special Telecommunications Service (STS) will provide implementation, technical and operational administration, cybersecurity, maintenance, and continued development of the government’s private cloud, Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) core infrastructure.
• Romanian Information Service (SRI) will ensure the cyber security of the government private cloud by knowing, preventing and countering cyber-attacks, threats, risks and vulnerabilities, including sophisticated type APTs, directed against the services of the government private cloud (software as a service – SaaS) and hosted objects.

85 state authorities and institutions will move to the cloud: MAI, MAE or MApN are not yet on the list

The list of 85 state bodies and institutions that will move to the future private government cloud was created in a draft Government decision that is currently being discussed in the Economic and Social Council.

• SEE THE HG PROJECT AND THE LIST OF 85 INSTITUTIONS HERE

The draft regulatory act has come out of the approval procedure and can be adopted by the Government this week, he said on his Facebook page. Andrey Nikoara, e-governance services expert.

The draft RD states that the list of state authorities and institutions is periodically updated in accordance with the requests of state institutions that will be placed on the platform, as well as the interconnection/integration of public services on the platform.

MAI, MAE, MApN or ANCOM are not listed

The list includes all kinds of institutions, authorities, BNR, the Competition Council, the High Council of Magistrates, the Supreme Court of Cassation and Justice, the Ministry of Public Affairs – the Prosecutor’s Office at the Supreme Court of Cassation and Justice, the Court of Accounts, the People’s Advocate, the Chamber of Deputies, the Senate, companies such as Bucharest and CNAIR airports, as well as ministries, with some notable absentees.

Thus, the list does not include the Ministry of Internal Affairs (MAI), the Ministry of Defense (MAPN) and the Ministry of Foreign Affairs (MFA) or any structures that coordinate them.

For comparison, the list also does not include the Ministry of Labor or the Economy, but their absence is compensated by subordinate institutions and bodies, such as: the National State Pension Chamber, the National Employment Agency, the National Agency for Payments and Social Inspection, the Labor Inspectorate, the State Assets Management Office or the National Department for the Protection of Consumer Rights.

Institutional reluctance to move to the cloud: what has changed since last year

We remember last springmore than 20 government agencies, some of which provide a very large number of e-government services, were hesitant to move their IT systems to the government cloud.

6 of them, including the DNA, the Constitutional Court, the Permanent Electoral Authority and the Commercial Register (ONRC), have indicated that they refuse to use this system, while the Ministry of the Interior (MAI) wanted to hold a preliminary discussion on the use of the government’s cloud infrastructure.

Meanwhile, everything changed. If DNA or CSM appear in the list of 85 state institutions, MAYBE, Permanent electoral body or Trade register nor are they in a rush to migrate their IT systems to the cloud.

How citizens will be informed about access to their personal data

In order to verify the legality of the processing of personal data, monitor and ensure the proper integrity and security of personal data, authorities and public institutions that use cloud services (USC) are obliged to store information about the processing actions carried out through the cloud services provided as part of government private cloud (CPG).

This information is stored in the form of logs, system logs and will be presented transparently and directly to the data subject at his request or through the notification program on the processing of personal data, depending on the circumstances, mentioned in the HG project.

Data access logs are stored for a period of 36 months from the date of registration of the action regarding the relevant information.

ADR will provide users of cloud services (USC, respectively authorities and government agencies) with an application to generate notifications so that they can inform citizens of any action taken on personal or commercial data of an individual, organization or system and any updates relevant to the sub data object.

The application will be able to generate two types of notifications: a) notifications caused by actions caused by the human factor; b) notifications initiated by an application, service or login interface.

State authorities and institutions that use the Government Private Cloud will have to inform the owners of personal data both about the actions taken at the IT platform level regarding their personal data, and about the initiator of the action through the application or by its own means.

Photo source: Dreamstime.com.