GDPR

The General Data Protection Regulation (GDPR) is the EU-wide law protecting personal data. Since 25 May 2018 it governs how organisations collect, store and process personal data.

What is the GDPR?

The General Data Protection Regulation (GDPR, German DSGVO) is a regulation of the European Union for the protection of personal data. It has applied directly in all EU member states since 25 May 2018 and sets out how companies and organisations may lawfully collect, store, process and delete personal data. Its aim is to strengthen individuals' control over their own data.

What does GDPR compliance mean for cloud services?

Anyone who stores or processes personal data in a cloud remains bound by the GDPR as the controller. The cloud provider is usually a processor. This requires a data processing agreement (DPA), clearly governed access and documented technical and organisational measures. A GDPR-compliant cloud helps companies meet these obligations demonstrably.

Requirements for a GDPR-compliant cloud

  • Data processing agreement (DPA) with the provider
  • Encryption of data in transit and at rest
  • Granular access rights and traceability (audit log)
  • Clear server location and transparent sub-processors
  • Deletion and retention concepts
  • Protection against access by third countries

Is a server location in the EU enough?

A server location in Germany or the EU is important, but not sufficient on its own. If the provider belongs to a US group, US laws such as the US CLOUD Act can compel access to data regardless of where the servers stand. For full data sovereignty, what also counts is who operates the service and which law the company is subject to.

How SecureCloud supports GDPR compliance

SecureCloud is hosted entirely in Germany and operated by a German company. The service is GDPR-compliant, ISO 27001- and Trusted-Cloud-certified, BSI C5-attested and CIS-compliant. Data is stored encrypted, access can be controlled and logged granularly, and a DPA is part of the offering. This keeps companies in control of their data, alongside their existing office cloud.

Frequently asked questions

Is a US cloud GDPR-compliant?

US cloud services can technically meet some GDPR requirements, but as US companies they remain subject to laws such as the US CLOUD Act. This creates the risk of government access from a third country, which conflicts with data sovereignty.

Is a server location in the EU enough for GDPR compliance?

An EU server location is an important building block, but not decisive on its own. What also matters is which law the provider is subject to and how access is governed and documented.

What are the penalties for a GDPR breach?

Breaches of the GDPR can lead to fines of up to 20 million euros or 4 percent of worldwide annual turnover, whichever is higher.

Erfahren Sie mehr!

Unsere Experten beantworten Ihnen gerne alle Fragen.

Elevating business.