Can personal data be stored in a cloud service?

The simple answer to that question is yes! However, it depends on the cloud service you choose. There are a few things to consider before putting personal data on a cloud service, most importantly making sure that the processing is done in accordance with the GDPR and that the data subject has given their permission for you to process the personal data.

What does the GDPR say?

The GDPR requires data containing personal data to be stored on servers located within the EU, something that many foreign operators have sought to address by locating servers in Europe. Here it is easy to be lulled into a false sense of security. The CLOUD ACT allows US authorities to request data stored in US cloud services, regardless of where the storage is located. A US cloud service is always subject to US law.

Not ok with personal data in US cloud services

From a GDPR perspective, this means that it is not acceptable to handle sensitive data such as personal data in a US cloud service as privacy cannot be guaranteed due to laws such as the CLOUD ACT.

Breaching the GDPR can be costly. In 2020, the Privacy Authority (IMY) decided on penalties of SEK 150 million, these were mainly for businesses that did not comply with the GDPR.

Book a free demo

Does it feel complicated? By using Storegate's Swedish cloud service , you don't have to worry about personal data being handled in a way that violates GDPR. You avoid the uncertainty that comes with foreign cloud services and can focus on your core business.

We'd love to tell you more about how our Swedish cloud service makes it easier for you to comply with GDPR, book a free demo today. Fill in your email address and we will contact you shortly.