Are cloud providers compliant with the GDPR?

Note that the US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows US authorities to access all your data, even without a court order. All data stored by US companies, even abroad, is treated as if it were stored on servers in the US. This law applies to internet providers, IT service providers and cloud providers based in the US and to their clientele. If a company in Europe is part of a US company or exchanges data with US companies, it is subject to the CLOUD Act.

The CLOUD Act affects both personal data and corporate data such as commercial information, trade secrets and other intellectual property. Technical encryption, trustee models and bilateral agreements provide no safeguard against access by US authorities. This creates a legal conflict with the GDPR.

Cloud providers with their headquarters and data centre in the EU offer maximum security and are GDPR-compliant. Also look for audit certificates such as ISO 27001, ISAE 3402, C5, and PS 860 in conjunction with PH 9.860.1.

We advise and audit cloud providers for compliance with security-relevant legal requirements.