GDPR is yesterday’s news; the CLOUD Act also poses challenges for companies in Europe: U.S. authorities may also access data that is physically located in Europe if it has been processed or stored by U.S. hosting or cloud providers, or their branches in other countries. U.S. providers, therefore, recommend that their customers technically disguise data. But does this protect data from being accessed?
In addition to the providers themselves, the General Data Protection Regulation (Art 32) also points out that personal data must either be encrypted or pseudonymized. Both options pose a challenge for data in the cloud.