Data storage with regard to GDPR
Why is no one talking about the physical location of data with regard to GDPR?
I don’t want to just copy & paste already known facts. Yes, GDPR is live and all EU countries must comply. Most of us have already had to change the way we work, and it’s just a matter of time before the 1st big case happens and newspapers and TV shows put the spotlight on it.
What is this about?
As a real IT-minded professional, I have spent more than 2 decades collecting data for my customers — including programming special feeds to get as much personal data as possible. Because of that, I was really hyped when the GDPR topic came up. It’s funny to know too much about data harvesting as a programmer, architect, consultant and manager, and to deeply understand how such a regulation is going to change the existing IT world. So, after 4 months of the GDPR regulation being in place, where are we? Not from the legal view — but from the pure data one.
A simple idea then — and please answer honestly — where is YOUR data stored today — do you know?
b. Private cloud in data center under direct control of Customer
c. Public/private cloud at Amazon, iCloud, Azure and other large cloud providers
Let’s dig a bit deeper then into what GDPR is about — it’s a protective act of the EU, mostly against US companies that harvested EU citizens’ data, analyzed it and then used it very wisely. You know, Ads — Facebook, LinkedIn, Twitter, Instagram, etc. Although there are hidden and real things like intellectual property protection and technological anti-spy ideas, Ads are something very important here, together with the protection of business data — meaning my customer data.
Ads as Mark explains (the 1st few seconds are enough):
Let’s repeat with meanings:
Now, let’s go through the “data storing” topics again.
a. Inhouse —
For an EU company the best option for sure, but pretty expensive & “old-fashioned”
b. Cloud with Customer —
Hosted in the EU without fail-over to US/Asia, a pretty good option; however, please mind this “failover stuff”
c. Big cloud provider —
When in the EU, fine, but outside the EU an uncertain problem — and REALITY.
Even though there are GDPR statements from all the big cloud providers stating “we don’t know your data, we don’t sell it”, there is typically no assurance at all that “we’ll not move your data outside of the EU”. There is always something like “and we’ll read your data if there is a criminal offense reason”.
Basically, it says “it’s our business”. Well, for large databases that is a pretty typical picture that is commonly accepted.
But let’s go a bit deeper again. What about the tools we use on a daily basis, where we’re sharing all kinds of data? The so-called collaboration tools — Basecamp, Asana, Jira, Sharepoint/Office365, GSuite, etc.? Is there any assurance about having the data in the EU? NO, there is not.
Read your contract properly — as I did during this investigation — and ask freely. In the 1st wave of replies you’ll get all sorts of company GDPR statements, security notes and Data Protection Acts. Keep asking and then you’ll get something like “we’re unable to answer” OR just nothing at all. That’s it. There is no interest in doing anything about it.
Pretty strange, isn’t it? In our almost-Industry 4.0 world, GDPR is all about digital information, digital identity, about data. And there is nobody who really cares about the physical placement and location of the data with regard to protecting the content.
Well, something is really wrong here — you know the simple rule:
Do not give the key to your door to an untrusted individual.
And trust is not something that should be taken for granted — like a document statement on web pages.
Would you prefer to have a choice of where the data for your business will be stored?
So, where is your data stored?
Feel free to share your thoughts, and for sure a Clap is a nice way to appreciate my work. I’m a freelancer in the Czech Republic, programmer, analyst, consultant, GDPR advisor and also just a sport freak who enjoys long triathlons, playing accordion and piano, family life and, of course, a big IT supporter.