Moving your company's files to the cloud is easy; the hard part is making sure the storage is done properly. If you use a cloud service based outside the EU, you should think about your business's procedures for handling sensitive data.
Below we explain 3 key points to keep in mind when it comes to foreign cloud services.
By supplementing the existing IT environment with a Swedish, secure cloud service, it becomes much easier to comply with GDPR when handling files containing sensitive data such as personal data.
For businesses that handle personal data in overseas cloud services, the consequences can be significant and costly. What exactly is involved and who is responsible for the correct handling of data? We summarize what you need to know in three points:
1. Full transparency of your data with foreign cloud services
Foreign cloud services often have websites and programs in Swedish, even if the company is based outside the EU. Many also offer storage on servers located in the EU to Swedish companies. It is easy to fall into the trap of thinking that you are complying with GDPR if you use such a service, but it is not quite that simple.
"Few people are aware that, for example, US national legislation cannot be negotiated away when choosing a US cloud service provider. The US CLOUD Act makes it possible for the US authorities to request data stored in US cloud services without informing the person who stored the data. This applies regardless of whether the storage is located inside or outside the EU, as a US cloud service is always subject to US legislation. For Swedish companies that store data with American cloud services, this means that they can provide full transparency of business-critical information." Axel Hermansen, CEO Storegate AB
2. Integrity cannot be guaranteed
Previously, transfers of personal data to the US were allowed, but since the annulment of the Privacy Shield in 2020, transfers of personal data of EU citizens to US-owned cloud services are no longer allowed.
The GDPR aims to "...protect the fundamental rights and freedoms of individuals, in particular their right to the protection of personal data". However, laws such as the CLOUD Act are contrary to the GDPR and make it impossible to guarantee the privacy of EU citizens, so processing personal data in overseas cloud services is not compatible with the GDPR.
3. Responsibility rests with the customer
It is the customer's responsibility to ensure that data is stored correctly and that employees handle data in accordance with applicable laws and regulations, rather than turning to inappropriate solutions of their own in the absence of clear rules of conduct and procedures for handling information.
There have been a number of high-profile cases where companies and authorities have been fined for not being sufficiently careful about the handling of personal data and the cloud service they used. In these cases, personal data has been processed in non-European cloud services and the organizations have been fined due to inadequate processing of personal data. In 2020, the Swedish Authority for Privacy Protection (IMY) decided on penalties of SEK 150 million, which were mainly aimed at businesses that did not comply with the General Data Protection Regulation (GDPR).
A Swedish cloud service for business files
At Storegate, we make it easy for you and your business to store, share and collaborate on files. In our Swedish cloud service, you can manage sensitive data and personal information without worrying about transparency and the influence of foreign laws. You avoid the uncertainty that comes with foreign cloud services and can focus on your core business. It will be easy to comply with GDPR with a Swedish cloud. We safeguard privacy and store all information in Sweden in compliance with GDPR, under Swedish law.
We have been helping Swedish companies and authorities with secure cloud solutions since 2003 and our customers include all kinds of industries.
We can help you with a solution that suits your business. Contact us and we will tell you more!