Data sovereignty refers to the concept that data is subject to the laws and governance systems of the country in which it is gathered. Data sovereignty is intertwined with data security, cloud computing, and technical sovereignty.
SaaS (Software as a Service) and Cloud storage services have grown in popularity in recent years; however, their use frequently involves international data transfers, which can pose significant compliance difficulties for both users and suppliers.
Data sovereignty and the EU GDPR
The EU GDPR applies to the processing of personal data of EU residents, regardless of where such processing takes place. Furthermore, it applies to both data controllers and data processors, thus whether your company utilizes or provides a Cloud service that processes the data of EU citizens, you must comply.
International data transfers are permitted under the EU GDPR.
- Based on an adequacy decision
- When proper measures are in place
This implies that personal data can continue to flow from the EEA to the UK without the need for organizations to utilize SCCs (standard contractual clauses) or other methods to ensure suitable protections are in place.
Transfers of personal data to a third country (i.e. one that is not an EEA member), a territory, or an international organization are permitted only if the European Commission determines that there is an “adequate level of protection,” just as they were under the EU GDPR’s predecessor, the Data Protection Directive 1995.
A growing number of businesses are pursuing certification to international standards as a means of showing compliance with the GDPR’s information security obligations and other data security and privacy legislation.
ISO 27001 is an international standard that sets the standards for a best-practice ISMS (information security management system) that will assist you in implementing the “necessary” organizational and technological security measures mandated by both the EU GDPR and the NIS Directive.
RSK Cybersecurity service provider solves these conflicts for you and handles the data transfer in the most secure way.