What happens to data such as personal data that is offered via an American cloud software supplier now that the EU-US Privacy Shield has been declared invalid?
Because the Foreign Intelligence Surveillance Act (FISA) concerns “electronic communication service providers”, this ruling has an effect on a lot of cloud software within your organization.
The biggest problem with US regulations is that US intelligence services have access to all personal data of non-US people that is processed at a US electronic communications provider, even if it is stored in Europe. Electronic communication providers are, for example, the e-mail services, cloud storage and Internet Service Providers (ISPs) that your organization (or the processors with which your organization works) uses. Making separate agreements for this is often a gray area.
Ask yourself the following questions:
1. In which countries does the supplier have data centers?
2. Who has physical access to these data centers?
3. Have agreements been made with the supplier or can they be made?
Read more about this: https://www.frankwatching.com/archive/2020/08/18/privacy-shield-data-vs/