How is it possible to transfer data to third countries under the GDPR? | A legal opinion on R&S®Trusted Gate

Schrems II ruling of the European Court of Justice has raised conflicts on the subject of data protection when it comes to the use of cloud solutions. Prof. Dr. Dirk Heckmann of the Technical University of Munich, who is professionally involved in the legal and security aspects of digitization, has now prepared a legal opinion on the subject. In it, he clarifies questions about the use of services from U.S. providers such as Microsoft, Google and Amazon in compliance with data protection laws. Is there a way out of the cloud dilemma?

For a year now, the Privacy Shield has been declared invalid by the European Court of Justice, and European data is therefore not safe from access by U.S. authorities at U.S. providers in the U.S. - but also in Europe. The USA as an "insecure third country" thus makes it impossible to achieve an equivalent level of data protection, which cannot be guaranteed by standard data protection clauses.

Why this is an issue for local enterprises?

Enterprises are increasingly switching off their own servers and relying on US cloud providers such as Amazon (AWS), Google & Co. IT systems are being moved to the cloud; a fact that has seen a significant upward trend since the start of the pandemic and home offices, and not only through video conferencing systems.

For enterprises, the assumption that data stored on servers in Europe is "safe" from access by U.S. authorities does not hold water here, because the CLOUD Act applies. This obligates US companies to hand over stored customer data to law enforcement authorities (in the USA) upon request. This means that companies throughout Europe are currently confronted with a massive risk of fines. Rapid solutions must be found.

According to Prof. Dr. Heckmann's legal opinion, R&S®Trusted Gate can be a data protection-compliant way out for authorities and companies.

The expert opinion itself talks about a "technical innovation." What does it highlight?

It is, above all, the "secure design of a multi-level system" and there is a separation of the contents of the so-called encryption level from the cloud services at the business level. Specifically, this means that external cloud services can be used without personal data being transferred to an "insecure third country."

Rohde & Schwarz , as a company that is committed to secrecy, "credibly" guarantees its customers that this separation is achieved in a technically secure manner.

1. Thanks to R&S®Trusted Gate, the current indications of the data protection supervisory authorities with regard to the use of the incriminated cloud services have been eliminated: In the absence of a transfer of personal data to a third country, the strict requirements of Art. 44 et seq. are simply not relevant and further proof of an equivalent level of data protection is not required.

2. In addition, concerns regarding export controls are eliminated, because the data does not "leave" the respective country.

Here you can download the legal opinion and here you can learn more about the evaluated .






我同意,在网站Imprint中提到的Rohde & Schwarz GmbH & Co. KG和罗德与施瓦茨实体及分支机构 可出于营销和广告之目的(例如提供特价优惠和折扣促销信息)而通过选定渠道(电子邮件或邮政信件)与我联系并提供相关信息,包括但不限于测试与测量、安全通信、监测与网络测试、广播电视与媒体以及网络安全领域的产品和解决方案相关信息


您可以随时发送电子邮件至 撤销此同意声明,邮件主题注明“Unsubscribe”即可。此外,我们发送给您的每一封电子邮件中都含有电子邮件取消订阅链接。有关个人数据使用和撤销程序的详情,请参阅“隐私声明”

An error is occurred, please try it again later.