United States President Donald Trump recently signed the US CLOUD Act, which violates the GDPR of the European Union. The CLOUD Act requires all internet firms in the country to give United States security agencies access to customer or user information even if it isn’t stored in the US. The law was passed after Microsoft refused to provide data it stored overseas to the Federal Bureau of Investigation.
The CLOUD Act and the GDPR
In Europe, most organisations have worked extra hard to comply with the current data protection regulation. The GDPR is all about covering and strengthening the integrity of an individual’s data, providing people with much-needed power over their data.
The CLOUD Act and the GDPR are two different regulations, and they clearly show how differently the United States and Europe view the handling of personal data and integrity. This indicates a potential conflict between the GDPR and the CLOUD Act that most European organisations must consider when handling their sensitive data.
Risk Analysis Crucial
Most organisations and professionals have expressed concern about the United States CLOUD Act and the negative impact it can have on the security and integrity of European Union citizens. European organisations that currently use United States suppliers should take time to evaluate the risks of doing so.
Do the benefits of using these organisations really outweigh the risks? Most of the giants in information technology and cloud services, such as Microsoft, Google and Amazon, will have to follow the CLOUD Act. It may therefore be beneficial for organisations to choose a local hosting or cloud provider that they know follows the rules and regulations of the local state when it comes to data protection and privacy. This is true for organisations that handle extremely sensitive information, such as municipalities, banks, authorities, insurance companies and health care.