How is it possible to transfer data to third countries under the GDPR? | A legal opinion on R&S®Trusted Gate

The Schrems II ruling of the European Court of Justice has raised conflicts on the subject of data protection when it comes to the use of cloud solutions. Prof. Dr. Dirk Heckmann of the Technical University of Munich, who is professionally involved in the legal and security aspects of digitization, has now prepared a legal opinion on the subject. In it, he clarifies questions about the use of services from U.S. providers such as Microsoft, Google and Amazon in compliance with data protection laws. Is there a way out of the cloud dilemma?

It has been a year since the European Court of Justice declared the Privacy Shield invalid. European data held by U.S. providers is therefore not safe from access by U.S. authorities, whether it is stored in the U.S. or in Europe. The status of the USA as an "insecure third country" thus makes it impossible to achieve an equivalent level of data protection, which cannot be guaranteed by standard data protection clauses.

Why is this an issue for local enterprises?

Enterprises are increasingly switching off their own servers and relying on US cloud providers such as Amazon (AWS), Google & Co. IT systems are being moved to the cloud, a trend that has risen significantly since the start of the pandemic and the shift to home offices, and not only through video conferencing systems.

For enterprises, the assumption that data stored on servers in Europe is "safe" from access by U.S. authorities does not hold water here, because the CLOUD Act applies. This obligates US companies to hand over stored customer data to law enforcement authorities (in the USA) upon request. This means that companies throughout Europe are currently confronted with a massive risk of fines. Rapid solutions must be found.

According to Prof. Dr. Heckmann's legal opinion, R&S®Trusted Gate can be a data protection-compliant way out for authorities and companies.

The expert opinion itself talks about a "technical innovation." What does it highlight?

It highlights, above all, the "secure design of a multi-level system", which separates the contents of the so-called encryption level from the cloud services at the business level. Specifically, this means that external cloud services can be used without personal data being transferred to an "insecure third country."

Rohde & Schwarz, as a company that is committed to secrecy, "credibly" guarantees its customers that this separation is achieved in a technically secure manner.

1. Thanks to R&S®Trusted Gate, the current indications of the data protection supervisory authorities with regard to the use of the incriminated cloud services have been eliminated: In the absence of a transfer of personal data to a third country, the strict requirements of Art. 44 et seq. GDPR are simply not relevant and further proof of an equivalent level of data protection is not required.

2. In addition, concerns regarding export controls are eliminated, because the data does not "leave" the respective country.

Here you can download the legal opinion and here you can learn more about the evaluated solution for privacy-compliant use of cloud services.
