Recital 82

Undermining the extraction of the exportable data that belongs to the customer from the source provider of data processing services can impede the restoration of the service functionalities in the infrastructure of the destination provider of data processing services. In order to facilitate the customer’s exit strategy, avoid unnecessary and burdensome tasks and to ensure that the customer does not lose any of their data as a consequence of the switching process, the source provider of data processing services should inform the customer in advance of the scope of the data that can be exported once that customer decides to switch to a different service provided by a different provider of data processing services or to move to an on-premises ICT infrastructure. The scope of exportable data should include, at a minimum, input and output data, including metadata, directly or indirectly generated, or cogenerated, by the customer’s use of the data processing service, excluding any assets or data of the provider of data processing services or a third party. The exportable data should exclude any assets or data of the provider of data processing services or of the third party that are protected by intellectual property rights or constituting trade secrets of that provider or of that third party, or data related to the integrity and security of the service, the export of which will expose the providers of data processing services to cybersecurity vulnerabilities. Those exemptions should not impede or delay the switching process.