You migrated your IT infrastructure successfully to one of the US-based hyperscalers and store personal data of EU citizens? We probably all thought that by now there would be a solid legal framework to process those data even if only EU-operated data centers are being used. However, then Schrems I and II were ruled, resulting in a constant data privacy limbo. Due to the cloud-native nature of globally scaled services and their inter-connectivity it becomes increasingly difficult to prove towards data protection authorities that your data won’t be transferred to third countries - and in fact it is complex to keep track.
Our added value
We would like to show you a pragmatic way to stop discussions about data transfers to third party countries from the start. Together we look at your workloads in the cloud and define which data are being processed at which step. It often turns out that only a fraction of your services actual need personal data – or still work without those data.
After we identified the personal data and their strictly necessary workloads, we start to precisely carve out those data and processes to move them to a cloud that has an adequate level of data protection according to EU standards. This is not just limited to EU member states. It is very common that we can even integrate a few infrastructure optimizations along the way, as the current cloud service usage is known.
That’s it, you keep the extreme scalability and global reach of the US-based hyperscalers for your computing intense workloads and smartly enrich the final result with data from your new EU approved data source – an actually working Safe Harbor solution.