This guidance is targeted primarily at organisations that would like to start using one or more cloud services and attempts to address the relevant elements of data protection law that you as the controller should consider when you intend to use cloud service. However, many of the issues addressed in this guidance apply equally to most other IT service delivery models.
The use of cloud services does not introduce any new issues in relation to data protection law than other IT service delivery models. However, there are certain elements of data protection law which you must pay special attention to when using cloud services. These include (i) the use of processors and sub-processors, (ii) security of processing, and (iii) transfers of personal data to third countries.