The General Data Protection Regulation (GDPR) is the EU-wide law protecting personal data. Since 25 May 2018 it governs how organisations collect, store and process personal data.
The General Data Protection Regulation (GDPR, German DSGVO) is a regulation of the European Union for the protection of personal data. It has applied directly in all EU member states since 25 May 2018 and sets out how companies and organisations may lawfully collect, store, process and delete personal data. Its aim is to strengthen individuals' control over their own data.
Anyone who stores or processes personal data in a cloud remains bound by the GDPR as the controller. The cloud provider is usually a processor. This requires a data processing agreement (DPA), clearly governed access and documented technical and organisational measures. A GDPR-compliant cloud helps companies meet these obligations demonstrably.
A server location in Germany or the EU is important, but not sufficient on its own. If the provider belongs to a US group, US laws such as the US CLOUD Act can compel access to data regardless of where the servers stand. For full data sovereignty, what also counts is who operates the service and which law the company is subject to.
SecureCloud is hosted entirely in Germany and operated by a German company. The service is GDPR-compliant, ISO 27001- and Trusted-Cloud-certified, BSI C5-attested and CIS-compliant. Data is stored encrypted, access can be controlled and logged granularly, and a DPA is part of the offering. This keeps companies in control of their data, alongside their existing office cloud.
US cloud services can technically meet some GDPR requirements, but as US companies they remain subject to laws such as the US CLOUD Act. This creates the risk of government access from a third country, which conflicts with data sovereignty.
An EU server location is an important building block, but not decisive on its own. What also matters is which law the provider is subject to and how access is governed and documented.
Breaches of the GDPR can lead to fines of up to 20 million euros or 4 percent of worldwide annual turnover, whichever is higher.
Unsere Experten beantworten Ihnen gerne alle Fragen.