Privacy Shield Toppled – What Now?

The European Court of Justice (ECJ) has declared the EU-US Privacy Shield invalid (Schrems II, case C-311/18, judgment of 16 July 2020). This landmark decision leaves companies facing uncertainty about how to legally transfer personal data to the United States. We explain what this ruling means and how you can protect your organization under the GDPR.

1. Evaluate Your Data Flows

Although the ECJ ruling takes immediate effect, no one expects companies to change all processes overnight.
However, delaying action is risky. Begin by analyzing all existing data flows — especially those involving U.S. service providers.
This evaluation helps you understand where data is stored and which transfers require urgent attention.

2. Obtain Explicit User Consent

One way to transfer personal data internationally is on the basis of the data subject's explicit consent (Art. 49(1)(a) GDPR).
You must document that users were fully informed about the transfer and its risks and agreed to it, for example in your CRM or customer database.
Note that consent is one of the "derogations for specific situations": it must be freely given and specific to the transfer, it can be withdrawn at any time, and supervisory authorities do not accept it as the basis for systematic, large-scale transfers.
It also raises a practical question: what happens when users refuse or withdraw consent? A contingency plan is therefore essential.

3. Encrypt or Anonymize Data

If transfers to the U.S. cannot be avoided, encryption or anonymization of master data can help achieve GDPR compliance.
The distinction matters: data that is truly anonymized (no one can single out a person from it any more) is no longer personal data and falls outside the GDPR, whereas pseudonymized or encrypted data is still personal data as long as someone holds the key or the mapping table. Encryption therefore only works as a safeguard if the keys stay under your control in the EU and the U.S. provider never sees plaintext; a provider that encrypts data with keys it holds itself does not solve the problem.
Not all business models support this approach, so carefully evaluate whether your workflows can operate with partially anonymized data.
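The following is an added example, not code from centron or from the original article, showing the difference in practice. It prepares customer records for an analytics service hosted in the U.S.: direct identifiers are replaced by a keyed HMAC-SHA256 token, quasi-identifiers (date of birth, postcode) are coarsened, and only an allow-list of fields is exported. The key and the token-to-customer lookup table never leave EU infrastructure. It also shows why an unkeyed SHA-256 hash of an e-mail address is not anonymization: anyone with a list of candidate addresses can reverse it. The customer records, field names and the 32-byte key are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed sample records (fictitious people, for this example only).
CUSTOMERS = [
    {"id": 1001, "name": "Anna Beispiel", "email": "anna@example.org",
     "birth_date": "1984-03-09", "postcode": "96103", "plan": "pro", "mrr_eur": 49},
    {"id": 1002, "name": "Bernd Muster", "email": "bernd@example.org",
     "birth_date": "1991-11-22", "postcode": "10115", "plan": "basic", "mrr_eur": 9},
]

# Allow-list (not block-list) of fields the U.S. processor may receive, so a
# column added to the CRM later is not exported by accident.
EXPORT_FIELDS = ("plan", "mrr_eur")
DIRECT_IDENTIFIERS = ("id", "name", "email")


def naive_token(email: str) -> str:
    """Unkeyed hash: looks anonymous, but anyone can recompute it from a candidate list."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def keyed_token(email: str, key: bytes) -> str:
    """HMAC-SHA256 pseudonym. Without `key` (kept in the EU) the token cannot be recomputed."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def generalise(record: dict) -> dict:
    """Coarsen quasi-identifiers so that their combination no longer singles out a person."""
    out = {field: record[field] for field in EXPORT_FIELDS}
    out["birth_year"] = int(record["birth_date"][:4])   # full date -> year only
    out["postcode_area"] = record["postcode"][:2]       # 5-digit postcode -> first two digits
    return out


def export_for_us_processor(records, key: bytes):
    """Return (rows, lookup). Only `rows` leaves the EU; `lookup` (token -> id) and `key` stay here."""
    rows, lookup = [], {}
    for record in records:
        token = keyed_token(record["email"], key)
        row = generalise(record)
        row["customer_token"] = token
        rows.append(row)
        lookup[token] = record["id"]
    return rows, lookup


def leaks_direct_identifiers(rows, records) -> bool:
    """Pre-transfer check: True if any exported row still carries a direct identifier (key or value)."""
    forbidden_values = {str(r[f]) for r in records for f in DIRECT_IDENTIFIERS}
    for row in rows:
        if any(field in row for field in DIRECT_IDENTIFIERS):
            return True
        if any(str(value) in forbidden_values for value in row.values()):
            return True
    return False


def dictionary_attack(token: str, candidates) -> Optional[str]:
    """What the recipient (or anyone who obtains the export) can do against unkeyed hashes."""
    for email in candidates:
        if naive_token(email) == token:
            return email
    return None


def reidentify(token: str, lookup: dict) -> Optional[int]:
    """Re-identification is only possible on the EU side, where the lookup table lives."""
    return lookup.get(token)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated and stored in the EU, never shipped with the export
    rows, lookup = export_for_us_processor(CUSTOMERS, key)
    print(json.dumps(rows, indent=2))
    print("leaks direct identifiers:", leaks_direct_identifiers(rows, CUSTOMERS))
    # Unkeyed hash reversed with a small candidate list; keyed token is not.
    guess_list = ["x@example.org", "anna@example.org"]
    print("naive hash reversed to:", dictionary_attack(naive_token("anna@example.org"), guess_list))
    print("keyed token reversed to:", dictionary_attack(rows[0]["customer_token"], guess_list))
```

The exported rows are still personal data in the GDPR sense (Art. 4(5)), because you hold the key and can re-identify; the point is that the U.S. processor cannot, and whether that is sufficient for a given transfer must be assessed case by case. If the processor needs the raw values (for example to send e-mails), this approach does not fit and you are back to options 2 and 4.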

4. Switch to EU-Based Providers

For many organizations, the most sustainable solution is to migrate to European or German cloud providers.
Both the Safe Harbor and Privacy Shield frameworks have been struck down, which shows that a legal basis for hosting personal data in the U.S. can disappear with a single judgment.
European experts — such as Berlin’s data protection officer Maja Smoltczyk — strongly recommend relocating all personal data to EU servers.

centron: Data Protection Made in Germany

Germany is considered one of the most secure server locations in the world.
As an ISO 27001-certified data center operator, centron guarantees maximum data protection, performance, and compliance.
All data is stored exclusively in our Hallstadt data center, which exceeds the strict requirements of the Federal Office for Information Security (BSI).
For flexible infrastructure, you can choose between:

These solutions ensure that your company stays GDPR-compliant — without risking data exposure through U.S. surveillance.

5. Keep an Eye on Legal Developments

In the coming months, national and European authorities will issue further recommendations based on the ECJ ruling.
Stay informed via reliable sources such as the statements of the data protection authorities (in Germany the Datenschutzkonferenz, DSK) and the guidance of the Federal Office for Information Security (BSI).

Background: Why Was Privacy Shield Invalidated?

The Privacy Shield replaced the Safe Harbor Agreement after its collapse in 2015, aiming to provide a legal framework for transatlantic data transfers.
However, the ECJ ruled in July 2020 (Schrems II, C-311/18) that U.S. surveillance law, in particular Section 702 FISA and Executive Order 12333, allows intelligence agencies to access personal data without limits that are proportionate by EU standards and without effective legal remedies for data subjects, so the U.S. does not offer a level of protection essentially equivalent to the GDPR.
The decision invalidated Privacy Shield outright. It left the Standard Contractual Clauses (SCCs) valid as such, but the exporter must now verify, case by case, that the law of the destination country does not undermine the clauses and must adopt supplementary measures (technical ones such as encryption with EU-held keys) where it does; many existing SCC-based transfers to the U.S. therefore no longer stand on their own.
Until a new agreement is established, businesses must implement alternative compliance strategies.

Frequently Asked Questions (FAQ)

Why did the ECJ overturn the Privacy Shield?

Because U.S. surveillance laws do not provide a level of data protection essentially equivalent to that required by the EU's GDPR, and data subjects have no effective legal remedy against access by U.S. authorities.
The ruling is meant to ensure that personal data of people in the EU cannot be transferred to a country where it can be accessed without adequate safeguards.

Can I still transfer data to the United States?

Yes, but only under strict conditions: for example on the basis of SCCs combined with a documented transfer risk assessment and supplementary measures such as encryption with keys held in the EU or pseudonymization, or, for occasional transfers, the explicit consent of the data subject.
Otherwise, such transfers violate the GDPR.

What are the alternatives to U.S. cloud services?

EU-based providers such as centron offer secure, ISO 27001-certified hosting environments in Germany.
These ensure compliance, stability, and legal certainty without the risks of U.S. data laws.

How can I prepare my company for GDPR audits?

Maintain detailed records of all data transfers and consents.
Work exclusively with GDPR-compliant service providers and consider implementing managed security and backup solutions within the EU.

How does centron support GDPR compliance?

centron provides secure hosting, managed firewalls, and backup and recovery services, all operated in Germany under ISO 27001 certification.
This ensures maximum data protection and business continuity.

Sources: European Court of Justice, BSI, DSK, Bitkom

➤ Book a free GDPR compliance consultation with centron
