How to Win the Data Battle in Today's World

In the era of digital marketing, the problem of personal data protection is especially acute. In 2018, the CLOUD Act came into force in the United States and compromised the confidentiality of data held by American companies, regardless of their geolocation. The fact that such a law was adopted suggests that the government is becoming a regulator of digital data exchange. This cannot but affect business. Therefore, today we’re going to raise a serious topic and try to figure out why the risks of storing data on third party hosts have increased, and what private businesses need to do in this situation.

How the CLOUD Act upsets the balance of data protection

In 2020, The Court of Justice of the European Union (CJEU) declared that U.S. service providers did not adequately protect the personal data of persons from other countries. The point is that this law allows U.S. law enforcement to request personal data of U.S. citizens or residents from US-based companies — even if they are located outside the country — by issuing warrants or court orders. However, there is no guarantee that requests will only concern citizens of the United States, and it’s unlikely that service providers will side with their customers in such a situation.

The law seriously affected the General Data Protection Regulation (GDPR), which protects the personal data of individuals and legal entities in the European Union and beyond. The GDPR enables people to better control their personal data and introduces strict requirements relating to data transfers to third countries, requiring a legal basis for this.

The independent European Data Protection Board (EDPB) has concluded that U.S. service providers who are also subject to the EU GDPR cannot legally base the disclosure and transfer of personal data to the US even if it’s based on a warrant or other court orders. The transfer of data outside the EU is only acceptable if grounded on an international agreement, such as an MLAT.

Therefore, the EU regulation and the CLOUD Act contradict each other when it comes to a strict GDPR requirement to have a compelling legal reason for the transfer of data.

What are the conclusions and what needs to be done

We agree that the adoption of the CLOUD Act severely undermines the protection of users' sensitive data. In addition, now no one can be sure of companies claiming to be in compliance with the key principles of the GDPR.

Leading market players understand how important it is to treat the information provided to them with care. Companies are seriously concerned that their data may be used illegally for commercial purposes. The sole possession of your customers’ data is becoming the key to a successful business in the digital sphere. That’s why the struggle for data will only intensify.

In recent years, the number of cloud service users has increased significantly. This has resulted in a huge amount of data being stored outside the jurisdiction in which it was created. Besides, companies that prefer to use SaaS solutions cannot ensure reliable data protection.

DLA PIPER has conducted research that clearly demonstrates the insecure protection of sensitive data in certain countries.

So what should large and medium-sized businesses do to ensure information security? It’s quite simple. Now digital platforms that can be deployed as a private cloud or on-premise solution are becoming a good way to solve this problem. By integrating a platform such as the Altcraft Platform into the corporate network, the organization prevents the possibility of a personal data leak. Only certain employees get access to the data. This gives the organization full control over the data and at the same time excludes outside interference.

Many banks, insurance and logistics companies, payment systems, online services that handle large databases are already using Altcraft Platform. Our on-premise solution is completely adaptable to the needs of companies and allows them to manage all processes within the system.

Conclusion

Today companies are concerned about whether the information provided to them is securely stored. As we said, cloud providers fail to ensure adequate protection of customer’s personal data. That’s why you need to weigh all pros and cons before you choose a solution — SaaS, Private Cloud or On-premise. Check in which country the provider is located, what laws it obeys and how it operates.

If you have any questions, please write to us. We would be pleased to answer.