3 things you need to know about foreign cloud services

For businesses handling personal data in overseas cloud services, the consequences can be significant and costly. What are the rules and who is responsible for ensuring that data is handled correctly? We summarize what you need to know in three points:

1. Full transparency of your data with foreign cloud services

Foreign cloud services often have both their website and software in Swedish, even if the company is based outside the EU. Many also offer storage on servers located in the EU to Swedish companies. It is easy to fall into the trap of thinking that you are complying with the GDPR if you use such a service, but it is not quite that simple.

“Few people realize that, for example, US national legislation cannot be waived when choosing a US cloud service provider. The CLOUD Act makes it possible for the US authorities to request data stored in US cloud services without the person who stored the data being informed. This applies regardless of whether the storage itself is located within or outside the EU, as a US cloud service is always subject to US legislation. For Swedish companies that store data in US cloud services, this means that they can provide full transparency of business-critical information.”

Axel Hermansen, CEO Storegate AB

2. integrity cannot be guaranteed

Previously, transfers of personal data to the United States were allowed, but since the annulment of the Privacy Shield in 2020, transfers of personal data belonging to EU citizens to US-owned cloud services are no longer allowed.

The GDPR aims to “…protect the fundamental rights and freedoms of individuals, and in particular their right to the protection of personal data.” However, with laws like the CLOUD Act, which contradict the GDPR, it becomes impossible to guarantee the privacy of EU citizens and thus it is not compatible with the GDPR to process personal data in overseas cloud services.

3. responsibility rests with the customer

It is the customer’s responsibility to ensure that data is stored correctly, and it is also responsible for ensuring that employees handle data in accordance with applicable laws and regulations and do not use inappropriate solutions themselves in the absence of clear policies and procedures for handling information.

There have been a number of high-profile cases where companies and public authorities have been fined for not being sufficiently careful about the handling of personal data and the cloud service they used. In these cases, personal data was handled in non-European cloud services and the businesses were fined for inadequate handling of personal data. In 2020, the Swedish Data Protection Authority (IMY) imposed fines of SEK 150 million, mainly against businesses that did not comply with the General Data Protection Regulation (GDPR).

At Storegate, we make it easy for you and your business to store, share and collaborate on files. In our Swedish cloud service, you can handle sensitive data and personal data without worrying about transparency and the impact of foreign laws. You avoid the uncertainty that comes with foreign cloud services and can focus on your core business. It will be easy to comply with GDPR with a Swedish cloud. We protect privacy and store all information in Sweden in accordance with GDPR, under Swedish law.

We have been helping Swedish companies and authorities with secure cloud solutions since 2003 and our customers include all kinds of industries.

We will help you with a solution that suits your business, contact us and we will tell you more!

Contact us