Argana Consulting GmbH 
Let's rather talk about how to solve the problems.

Data protection - cloud computing

Data protection and cloud computing are closely linked, as cloud computing services can help to store and process personal data securely. Data protection refers to the protection of personal data from inappropriate processing and misuse. Cloud computing, on the other hand, refers to the provision of IT resources, such as storage space, computing power and applications, via the internet.

When companies store or process personal data in the cloud, they must ensure that they do so in accordance with applicable data protection laws and regulations. This includes, for example, compliance with the GDPR in Europe or with the Privacy Shield Agreement with third countries.

Most cloud service providers claim that their services are configured in such a way that they comply with the applicable data protection laws and regulations. Regardless of this, companies are obliged to check and monitor the processing of personal data by the processor.

It is important to note that companies are still responsible for protecting personal data, even when they use cloud service providers. Companies should ensure that they choose the right cloud service provider that meets their data protection requirements and that they take appropriate security measures to ensure that personal data remains secure and protected while it is stored or processed in the cloud.

Appropriateness decision

An adequacy decision is an official decision by the European Commission confirming that the level of data protection in a country outside the EU is adequate and that personal data is therefore sufficiently protected. The decision is based on an assessment of the country's data protection legislation and practices, as well as other factors such as the rule of law, human rights and political stability.

An adequacy decision is important for companies that want to transfer personal data from the European Union to a country outside the EU. Without such a decision, they must use other legal mechanisms such as standard contractual clauses or binding corporate rules to ensure that the data is adequately protected.

The list of those states for which an adequacy decision has been issued by the European Commission is provided on the official websites of the European Union.


Standard Contractual Clauses - SCC Standard Contractual Clauses

The Standard Contractual Clauses (also known as SCC) are a set of standard contractual clauses drawn up by the European Commission to regulate the transfer of personal data from the European Union to third countries (countries outside the EU) where there is no adequacy decision.

These clauses are contractual agreements between the data exporter in the European Union and the data importer in the country outside the EU. They contain certain obligations and guarantees that are intended to ensure that the data importer guarantees an appropriate level of data protection and that the data protection rights of the persons concerned are protected.

The standard contractual clauses cover various types of data transfers, including transfers between companies, between companies and government authorities, or between companies and subcontractors. There are different clauses for different types of transfers and parties to the contract.

The standard contractual clauses are an important legal basis for the cross-border transfer of personal data from the EU and are often used in combination with other legal mechanisms.

COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of 4 June 2021
on standard contractual clauses for the transfer of personal data to countries outside the EU in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council