Until now, data protectionists in European companies thought they were on the safe side with a cloud provider with data centres in the EU. But the CLOUD Act is not limited to companies headquartered in the US, but also to those with a branch office or business activity.
The CLOUD Act regulates the handling of data that is physically located outside the USA, but for which a US company is responsible. However, it not only requires US companies to disclose data to US authorities even without a court order, but also other companies if they are part of a US company or exchange data with US companies.
That's why data privacy protectors need to carefully consider which cloud provider you use. When you choose a U.S. cloud provider, you accept the risk of unauthorized third-party access - without ever knowing it. So you don't know if, where, how long, or by whom your data will be accessed.
>>> To be on the safe side, you should therefore rely on German or European providers like DRACOON, who neither have a branch in the USA nor are a US-American subsidiary.
DRACOON does not provide any unauthorized access to your data
DRACOON offers numerous advantages to ensure secure and EU-GDPR compliant data storage. Due to the client-side encryption, data cannot be leaked.
- Made & Hosted in Germany: DRACOON is developed in Germany and operated in ISO27001 certified data centres. We are neither a subsidiary of a US company nor do we have branches in the USA.
- Multiple awards and certifications: Various seals such as BSI C5, ISO27001 and EuroPriSe certify DRACOON highest security standards. Furthermore, the software has been awarded several times as "Leader" by top analysts such as ISG.
- GDPR-compliant thanks to Privacy by Default and Privacy by Design: As a German provider DRACOON is subject to the strict German security laws. DRACOON supports a data protection friendly technology design (Privacy by Design) and also includes a data protection friendly default setting (Privacy by Default). So users don't have to think about which steps they have to take to act in accordance with data protection.
- Highest security through client-side encryption: Your data is already securely encrypted at the end device. There is no possibility to decrypt the data on the server itself, as the key material is located on the client. In this way we ensure that neither we as a cloud provider nor third parties are able to access stored data.
- Integrated reporting tool / audit log: The reporting tool with audit log provides information about file access at any time. Authorized persons can thus trace who has shared, edited or deleted data.
- Modern authorisation concept with decentralised administration: With DRACOON, access rights can be easily and individually assigned to internal employees as well as external parties. This ensures that certain persons are only granted read-only rights, for example, while others can edit and delete data. Thus, for example, the IT department retains the organisational sovereignty but has no read and write rights to financial or personnel data. As a result, IT administrators can also be completely blocked from accessing certain data (such as salaries, balance sheets, etc.). DRACOON also offers the possibility to limit the availability of data for a limited period of time.
"Due to the CLOUD Act, companies today have to check exactly which (software) provider they choose. The server location plays a decisive role here. With a German cloud solution like DRACOON you can exclude external access to your data", confirms Christian Volkmer, data protection expert and managing director of Projekt 29 GmbH & Co. KG.