Whitepaper: Cloud Act vs. GDPR

In this white paper, Dennis G. Jansen, an expert in international IT and data protection law, explains the contradictory regulations and fundamentally different motivations of the US-CLOUD Act and the EU-GDPR and thus helps decision-makers to identify cloud providers that enable a smooth and compliant partnership.


Do you care about data privacy and data security? If you are a business, in Europe, you care about it. At least since May 25th, 2018, the day, the General Data Protection Regulation (GDPR) came into effect. Since March 23rd, 2018, US authorities can demand data access from US companies under the Clarifying Lawful Use of Overseas Data (CLOUD) Act from servers located anywhere in the world.

These massive changes happened on both sides of the Atlantic Ocean in 2018. Concerning data protection, these regulations pursue wholly different goals, however. Not only do they leave businesses in a maze of articles, sections, and paragraphs to make matters even worse, these laws contradict each other. Under the threat of fines and other punishments, the regulations may force a company to comply with two irreconcilable sets of rules.  

This white paper aims to provide a concise introduction, illustration, and guidance through the complexity that describes alternative approaches and supports the decision-making process for the data-handling challenges of today's conflicts between the US CLOUD Act and the EU GDPR.

Lose 20 Million or 4% global turnover!

GDPR non-compliance risks are real; hence, if no exception applies, an EEA business generally violates the GDPR when fulfilling ECPA and FISA requests. In early 2020, most personal data processing in the US could become illegal. Violating the protections of third country data transfers in Chapter V GDPR is especially problematic. It can result in maximum fines of the higher of € 20 million and 4 % of the total worldwide annual turnover of the preceding financial year. A GDPR supervisory authority or EU Member State court might threaten businesses with imprisonment for ignoring GDPR requirements.


Read more?

Cloud Act vs. GDPR

So that we can send you our white paper, we need some information from you: