The easy way to avoid using servers in the USA
Companies that store their data on non-European servers are faced with the huge shambles of the former Privacy Shield. Now is the time to be quick, because a suitable, secure alternative must be found.
Bye-bye Privacy Shield
The Privacy Shield, a data protection shield negotiated by the European and American governments, was declared invalid by the European Court of Justice (ECJ) on July 16, 2020. The GDPR (General Data Protection Regulation) has not been a foreign concept to anyone for some time now. Since its introduction, a uniformly high standard for the protection of personal data has prevailed in Europe. The Privacy Shield should ensure that, despite this high standard, data processing in international data traffic between Europe and the USA is still possible - and that the same high standard is ensured for data from Europeans. According to the ECJ, Privacy Shield could not offer this security and therefore did not provide a sufficient guarantee for the data protection of European citizens.
As a result, this agreement is now invalid and data exchange between Europe and the USA is only possible with great difficulty without violating European data protection law. In practice, this means that companies that store personal data from Germany with companies in the USA or transfer it to these service providers are in breach of the GDPR. Many American companies have now started to store the data of European customers exclusively on servers in Europe. But is this the solution? Not really, because according to US law, data from their providers must be handed over on request - even if they are located outside the US. Even the so-called standard contractual clauses, which are theoretically still possible, do not allow data to be transferred to US companies if they do not provide any other precautions in terms of group law or data encryption.
So if you are currently still relying on service providers in the USA, you should look for an alternative as soon as possible. Basically, the following applies to you as an entrepreneur: the less you use international providers, the lower the risk of getting into trouble with data protection. Here are a few tips on how to proceed so that you don't lose track:
- As the Privacy Shield has no longer been a legal basis since August 2020, you should look for an alternative for data transfer in accordance with the GDPR as soon as possible (if you haven't already done so). In a nutshell: The servers on which personal data is stored must be located in the EU.
- Existing contracts should be checked for security, references to the Privacy Shield removed and, if necessary, contact made with the supervisory authority. In addition, data transfers for which there is no basis must be suspended or a new service provider must be found in the EU.
- When choosing a service provider, you should also make sure that they do not have any subcontractors who process their data in the USA.
The struggle in practice
Admittedly, this all sounds a bit abstract right now. To make the problem - and the solution - a little clearer, the story of Mareike will help. Mareike is the CEO of Datensammler AG. She has been working closely with Chargebee, a company based in the USA, for years to create her invoices. The data of her European and German customers is therefore stored on Chargebee's (American!) servers. In the past, Mareike and Chargebee relied on Privacy Shield. Since this is no longer legal, she has been looking for a suitable solution that guarantees secure data transfer for her customers and protects the data from unauthorized third parties. She was faced with a number of challenges, as she naturally wanted to be on the safe side legally. In her search for a suitable partner with whom she would not be faced with this data protection problem, she came across the German company nexnet.
nexnet is an outsourcing service provider and expert in financial accounting, accounts receivable management and subscription billing. Because nexnet naturally deals with a lot of sensitive, personal data in these areas, data protection is a top priority here. Mareike has finally found a partner with whom she no longer has to worry - neither about the security of her customers' data nor about breaking European law. She is delighted with how smoothly the switch to nexnet went and is looking forward to a long, secure collaboration.
Data protection made in Germany
A great deal of expertise and experience is required to guarantee the security of customer data. nexnet has both. For over 20 years, nexnet has attached particular importance to data protection. All data that nexnet needs to perform its tasks is stored, but never leaves the company's own systems, as no external service providers are required - especially not in the USA. Secure data transmission is guaranteed by modern SSL certificates and a data protection management system including a data protection team. In addition, all employees receive regular security and data protection training. nexnet's data center is maintained, updated and expanded by the company's own IT department. It is also monitored by a sophisticated security system and thus achieves the highest level of security. You can therefore rest assured that your data is optimally protected and no longer gives cyber criminals a chance.
Do you want to stop worrying about the dangers of backing up sensitive data and be on the safe side legally in the future? Then contact the experts at nexnet.
