Privacy Agreement – Where Are You?

Even years after the end of the Privacy Shield, there is still no reliable legal basis for transferring data to non-EU countries, especially the USA. Companies using US cloud providers such as AWS, Google, or Azure risk high penalties. A recent Bitkom study reveals alarming figures.

The Legal Vacuum After the Privacy Shield

In the summer of 2020, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield.
The court ruled that US surveillance laws do not provide adequate protection for the personal data of EU citizens.
As a result, US intelligence agencies can access user data without consent — a direct violation of the General Data Protection Regulation (GDPR).
Since then, there has been no stable framework to replace it.

For companies relying on US-based cloud infrastructure, this legal uncertainty has become a serious burden.
A Bitkom Research study highlights the extent of the issue and shows how strongly the German economy depends on transatlantic data flows.

Every Second German Company Transfers Data Outside the EU

According to the study “Data Protection as a Permanent Task for the Economy”, 48% of all German companies exchange data with providers outside the EU.
The main destinations are:

  • USA – 52%
  • United Kingdom – 35%
  • Russia – 18%
  • India – 13%

In theory, every single transfer must be checked for GDPR compliance — an almost impossible task in practice.
As Achim Berg, President of Bitkom, emphasizes:
“We urgently need more legal certainty. A new data protection agreement between the EU and the US is essential – but remains a complex challenge.”

Data Protection Agreement: Fines Are the Lesser Evil

Why do so many companies continue to send data outside the EU despite possible fines of up to €20 million?
Because for many, it’s become an integral part of their business model:

  • 62% cannot offer certain services without non-EU data processing
  • 57% fear disadvantages compared to international competitors
  • 54% report higher costs if restricted to EU data processing
  • 54% depend on global technical support systems

Despite these dependencies, the absence of a secure legal framework remains a serious compliance risk.
The EU is taking time to avoid a third failed agreement after “Safe Harbor” and “Privacy Shield”.
Until then, alternative, GDPR-compliant hosting options within the EU are the safest route.

Cloud Hosting Within the EU: The Secure Alternative

There are reliable cloud providers within the EU offering performance, availability, and data protection at the highest level.
For example, centron’s ISO 27001-certified data center in Hallstadt near Bamberg provides secure, high-availability cloud infrastructure that fully complies with GDPR.
Companies that start directly with a European provider avoid complex migrations and minimize legal risk.

“Many companies are willing to migrate to German cloud providers – but the technical complexity of large infrastructures makes it a challenge,”
explains Wilhelm Seucan, Managing Director at centron.

centron’s Tip: Stay Secure from the Start

If you plan to move your business into the cloud, choose a German or EU-based provider from the beginning.
With centron’s ccloud³ Virtual Machines and Managed Firewall Services, you benefit from the best possible data protection and reliability — without uncertainty about transatlantic transfers.

Into the cloud – but safely!
Compare centron’s secure EU cloud solutions and ensure maximum compliance, availability, and performance for your business.

Frequently Asked Questions (FAQ)

What happened to the EU-US Privacy Shield?

The Privacy Shield was declared invalid by the ECJ because U.S. surveillance laws did not meet EU data protection standards.
No new agreement has yet been finalized.

Why is data transfer to non-EU countries risky?

Personal data stored in the U.S. or other non-EU countries may be accessed by foreign authorities.
Without an adequate legal framework, such transfers violate GDPR requirements.

How does GDPR regulate international data transfers?

The GDPR requires companies to ensure that personal data enjoys the same level of protection outside the EU as within.
This can be achieved through standard contractual clauses, adequacy decisions, or hosting within the EU.

What penalties can companies face for violations?

Organizations that violate GDPR rules risk fines of up to €20 million or 4% of annual global turnover — whichever is higher.
They may also face reputational and contractual consequences.

How can companies stay compliant when using the cloud?

The safest option is to host data with an EU-based provider.
centron’s ccloud³ offers secure infrastructure from its ISO 27001-certified data center in Germany — combining legal security, scalability, and strong performance.

What does centron recommend for the future?

Until a new EU-US agreement is finalized, businesses should prioritize GDPR-compliant cloud solutions within Europe.
centron supports this with Managed Firewall Services and secure backup and recovery solutions.

Sources: Bitkom Research, Handelsblatt
