All authorities and central or local government institutions that transfer their IT systems to the future public cloud equipment will have to keep a history of actions with personal data for 3 years. Citizens will be able to request this history from institutions, but there will also be an app that will notify them whenever someone accesses their data from the cloud.
The information is contained in the new draft of the Government Decree, presented for public discussion by the Ministry of Digital, which establishes how ADR, SRI and STS will be involved in the management of this platform, as well as the rights and obligations of institutions that will use cloud services.
- SEE THE HG DRAFT AND MAIN RECORD HERE
Data access logs are kept for 36 months
All information related to the actions of accessing this data from the cloud will be stored in the form of logs, system logs and will be presented “transparently and directly to the data subject at his request or through a notification program on the processing of personal data, depending on circumstances”.
- “The purpose of logging is to provide a citizen or authorized institutions upon request with a history of actions with personal data that are placed in the CPG, carried out by a person, organization or system. (..)
- Data access logs are stored for 36 months from the date of registration of the action on the relevant data.” it is shown in the project of the GD.
The fact that Romanians using e-government services provided by institutions hosted in the future government cloud, an IT platform worth more than €500 million financed from the PNRR, will have at their disposal program developed by the Romanian Digitalization Authority (ADR) whereby they will be notified when their personal data is available, was also established in an emergency order passed by the government on 27 June.
Cloud governance: what roles will be played by the Ministry, ADR, DPS and DPS
The explanatory note of the GD project presents the roles that the main government institutions will play in this cloud.
Ministry of Research, Innovation and Digitization (MCID) will deal with regulation in the field of implementation of interoperability, in accordance with the law on interoperability.
Authority for Digitization of Romania (ADR) has the role of monitoring, control and evaluation in the field of interaction. The main tool for achieving interoperability is the National Interoperability Platform (PNI), the sole administrator of which is ADR.
Special Telecommunications Service (STS) provides implementation, technical and operational administration, cybersecurity, maintenance, and continued development of the government’s private cloud infrastructure, infrastructure as a service (IaaS), and platform as a service (PaaS).
Romanian Intelligence Service (SRI) ensures cyber security of the government private cloud by knowing, preventing and countering cyber-attacks, threats, risks and vulnerabilities, including sophisticated, APT-type, directed against government private cloud services (software as a service – SaaS) and hosted entities.
- “SRI and STS perform their duties expressly provided for by GEO only within the scope of the general powers provided for by their laws of organization and operation.
- Any activity that involves limiting the realization of fundamental rights and freedoms and is directed at the Government Cloud is terminated only by judge’s decision rights and freedoms in accordance with the purpose and within the limits provided by the Criminal Procedure Code or Law no. 51/1991.”, this is also shown in the explanatory note.
The document mentions that the future government cloud will not collect new data, but only offer shared and compatible hosting for those already owned/administered/used by the Romanian public authorities.
The entry into force of GEO will allow public administrations to use the services
the cloud will gradually replace in-house data centers and IT departments. Government organizations will be able to use cloud services to rapidly test and expand their offerings to their customers, as they can do so without investing in or building physical infrastructure, the rationale states.
The GD project defines how all of these powers will work together with responsibilities in managing the government cloud.
Photo source: Nmedia / Dreamstime.co
Source: Hot News RO
Anna White is a journalist at 247 News Reel, where she writes on world news and current events. She is known for her insightful analysis and compelling storytelling. Anna’s articles have been widely read and shared, earning her a reputation as a talented and respected journalist. She delivers in-depth and accurate understanding of the world’s most pressing issues.