3 things you need to know about foreign cloud services

Moving your business files to the cloud is easy, but making sure they are stored properly is more difficult. Anyone using a foreign cloud service should think about the business' procedures for handling sensitive data. Below we explain 3 important points to keep in mind when using foreign cloud services. Complementing your existing IT environment with a Swedish, secure cloud service makes it much easier to comply with GDPR when handling files containing sensitive data such as personal data.

Try the Swedish option!

Get full control of your data in a Swedish cloud. 14 days free trial.
Important points if you use foreign cloud services

For businesses that process personal data in foreign cloud services, the consequences can be significant and costly. What really applies and who is responsible for ensuring that data is handled correctly? We summarise in three points:

1. Full transparency of your data with foreign cloud services

Foreign cloud services often have both a website and software in English. Many also offer storage on servers located in the EU to Swedish companies. It's easy to fall into the trap of thinking you're complying with GDPR if you use such a service, but it's not quite that simple.  

Few are aware that, for example, US national laws cannot be waived when choosing a US cloud service provider. 

The CLOUD Act will allow the US authorities to request data stored in US cloud services without informing the data controller. This is true whether the storage itself is located inside or outside the EU, as a US cloud service is always subject to US law.

For Swedish companies that store data with US cloud services, this means that they have the possibility of full transparency of business-critical information. It is not only the US that uses this type of legislation. The same applies to countries such as China, but since the major cloud providers are exclusively American companies, this is where the problem lies for Swedish businesses.

With foreign cloud services, it is therefore a question of whether a business wants to risk transparency of the files it stores. Many are unaware of the laws that expose business information to foreign powers at the touch of a button.

Read more about security and how we handle your stored information here.

2. Integrity cannot be guaranteed

Previously, transfers of personal data to the US were allowed, but since the annulment of the Privacy Shield in 2020, transfers of personal data of EU citizens to US-owned cloud services are no longer allowed.

TheGDPR aims to "...protect the fundamental rights and freedoms of individuals, in particular their right to the protection of personal data." But with laws like the CLOUD Act, which contradicts the GDPR, it becomes impossible to guarantee the privacy of EU citizens and thus it is not compatible with the GDPR to process personal data in foreign cloud services such as Google Drive, Dropbox and Onedrive.

3. Responsibility rests with the customer

It is the customer's responsibility to ensure that data is stored correctly, and to ensure that employees handle data in accordance with applicable laws and regulations and do not themselves use inappropriate solutions in the absence of clear rules of conduct and procedures for handling information.

There have been a number of high-profile cases where companies and public authorities have been fined for not being sufficiently careful about how they handle personal data and which cloud service they use. In these cases, personal data has been processed in foreign cloud services and businesses have been fined for inadequate handling of personal data. In 2020, the Swedish Data Protection Authority (IMY) decided to impose penalties of SEK 150 million, these were mainly targeted at businesses that did not comply with the General Data Protection Regulation, GDPR.

A Swedish cloud service for business files

At Storegate, we make it easy for you and your business to store, share and collaborate on files. In our Swedish cloud service, you can manage sensitive data and personal information without worrying about transparency and the influence of foreign laws. You avoid the uncertainty that comes with foreign cloud services and can focus on your core business. It will be easy to comply with GDPR with a Swedish cloud. We safeguard privacy and store all information in Sweden in compliance with GDPR, under Swedish law. 

We have been helping Swedish companies and authorities with secure cloud solutions since 2003 and our customers include all kinds of industries.

We can help you with a solution that suits your business, contact us and we will tell you more!