How to easily avoid using servers in the USA
t3n: Companies that store their data on non-European servers are facing the fallout from the collapse of the Privacy Shield. Now they need to act quickly, because a suitable, legally safe alternative must be found.
Bye-bye Privacy Shield
The Privacy Shield, a data transfer framework agreed between the European Commission and the U.S. government, was declared invalid by the European Court of Justice (ECJ) on July 16, 2020. The GDPR (General Data Protection Regulation, DSGVO in German) has not been a foreign word to anyone for quite some time now. Since it came into force, a uniformly high standard for the protection of personal data has applied across Europe. The Privacy Shield was meant to ensure that, despite this high standard, data transfers between Europe and the U.S. remained possible, and that the data of Europeans enjoyed the same high level of protection once it reached the U.S. According to the ECJ, the Privacy Shield could not provide this assurance and thus did not offer a sufficient guarantee for the data protection of European citizens.
So this agreement is now invalid, and data transfers between Europe and the U.S. are accordingly only possible with great difficulty without violating European data protection law. In practice, this means that companies that store personal data from Germany with companies in the USA, or transfer it to such service providers, are in breach of the GDPR unless they have another valid legal basis. Many American companies have now started storing European customers' data exclusively on servers in Europe. But is that the solution? Not really, because U.S. law can compel U.S. providers to hand over data on request, even data held on servers outside the U.S. Even the so-called standard contractual clauses, which remain formally available, probably do not permit transfers to U.S. companies unless the parties put additional safeguards in place, whether organisational ones within the company or technical ones such as encryption of the data.
So if you are currently still relying on service providers in the USA, you should look around for an alternative as soon as possible. As a general rule, the less you rely on international providers, the lower the risk of getting into trouble with data protection. So that you don’t lose the overview, here are a few tips on how to proceed:
- Since the Privacy Shield ceased to be a valid legal basis in July 2020, you should look for an alternative basis for data transfers in accordance with the GDPR as soon as possible (if you have not already done so). In a nutshell: the servers on which personal data is stored should be located in the EU, with a provider that is not subject to U.S. law.
- Existing contracts should be reviewed for their legal basis, references to the Privacy Shield should be removed from privacy notices, and the supervisory authority should be contacted if necessary. In addition, data transfers for which there is no longer a basis must be suspended, or a new service provider must be found in the EU.
- When choosing service providers, you should also make sure that they do not use subcontractors that process the data in the US.
The Struggle in Practice
Admittedly, this all sounds a bit abstract right now. To make the problem, and its solution, a little more vivid, Mareike's story helps. Mareike is CEO of Datensammler AG. For its invoicing, the company has been working closely for years with Chargebee, a company based in the USA. Accordingly, the data of its European and German customers is stored on Chargebee's (American!) servers. In the past, both Datensammler AG and Chargebee relied on the Privacy Shield. Since that is no longer a valid basis, Mareike went looking for a solution that would guarantee lawful, secure data transfers for her customers and protect the data from unauthorised third parties. In the process she faced one or two challenges, as she naturally wants to be on the safe side legally. In her search for a partner with whom this data protection issue would not arise, she came across the German company nexnet.
nexnet is an outsourcing service provider and expert in financial accounting, accounts receivable management and subscription billing. Because nexnet naturally handles a lot of sensitive personal data in these areas, data protection is a top priority there. Mareike has thus finally found a partner with whom she no longer has to worry, neither about the security of her customers' data nor about breaking European law. She is pleased with how smoothly the switch to nexnet went and looks forward to a long, secure relationship.
Data protection made in Germany
A great deal of expertise and experience is required to guarantee the security of customer data. nexnet has both. For more than 20 years, nexnet has placed particular emphasis on data protection. All the data nexnet needs to perform its tasks is stored on the company's own systems and never leaves them, as no external service providers are required, and certainly none in the USA. Secure data transmission is ensured, among other things, by up-to-date TLS (SSL) certificates and a data protection management system backed by a dedicated data protection team. In addition, all employees receive regular training on security and data protection. nexnet's data centre is maintained, updated and expanded by the company's own IT department, and it is monitored by a comprehensive security system. So you can rest assured that your data is well protected and that cyber criminals are given as little opportunity as possible.
You don't want to worry about the risks of storing sensitive data, and you want to be on the safe side legally in the future? Then contact the experts at nexnet.