Data Processing and Maintenance in Different Jurisdictions When Using a SaaS Solution in a Public Sector Organisation

Many public sector organisations (PSO) use SaaS solutions from dominant global providers. Implementation of these solutions may raise issues concerning both lawful data processing, and the obligations that those PSOs have to maintain their digital assets. One example is a large Swedish PSO which addressed these issues as part of the adoption and implementation of Microsoft 365. The study identifies challenges and presents an analysis of the organisational implementation of that SaaS solution, exposing legal issues that arose in that context. Findings show an absence of a documented risk analysis related to the PSO's use of that SaaS solution, covering data processing and maintenance of its digital assets. Recommendations are presented to facilitate a PSO's procurement and implementation of such a SaaS solution to address issues around data processing and the processing of digital assets.