Last checked: 20/09/2022

Free flow of non-personal data

You - as an individual, business or organisation - have the right to use, collect, store, transfer or manage non-personal data, and to use data centres or cloud services anywhere in the EU (In this case, the 27 EU member states).

This can help you avoid any potential duplication of costs; for example, you can centralise your IT infrastructure in one EU country, even if you operate in multiple countries.

Personal data, non-personal data and mixed datasets

Personal data is any information about an identified or identifiable person and follows GDPR rules.

Non-personal datasets refer to:

Mixed datasets are collections of personal and non-personal data such as a company’s tax record, mentioning the name and telephone number of the managing director of the company. In most cases, the personal and non-personal data in mixed datasets are inextricably linked. If you handle such mixed datasets, you must follow GDPR rules.

You can store your data anywhere in the EU, including on cloud servers

Apart from the exceptional cases explained below, you can choose the location where data is stored or processed.

If you use a cloud service to store your data, you should be able to easily change cloud service providers, or port the data back in-house to your own IT system. Several cloud service providers have a signed a code of conduct to guarantee this. You can access the list of service providers and the code of conduct on the website of the Cloud switching and porting data association (SWIPO).

Data localisation requirements in the EU

In exceptional cases, EU countries may be able to restrict the movement of certain data, but only if justified on the grounds of public security. Such a justification could be, for example, when data relates to ongoing counter-terrorism investigations, or when loss of data could risk a major traffic accident (such as for air traffic control data). These exceptions depend on national legislation. The EU regulation on the free flow of non-personal data gives access to information about such data localisations restrictions.

National information and contact points

The EU regulation on the free flow of non-personal data outlines two information points that EU countries must provide:

In the Ask national administrations section below you will find the single information point and single point of contact at each national level.

Sharing data with competent authorities

You must make data available if a competent authority makes a legitimate request to access your data, even if the data is managed or stored in another EU country. Penalties may be issued for non-compliance in accordance with national law.

EU legislation

Need more information on rules in a specific country?

Choose country
Úřad vlády, Oddělení evropské digitální agendy, Sekce pro evropské záležitostiThe Section for European Affairs of the Office of the Government of the Czech Republic
Volný pohyb neosobních dat | BusinessInfo.czcs
ErhvervsstyrelsenDanish Business Authority
Opbevaring og deling af datada
Tarbijakaitse ja Tehnilise Järelevalve AmetConsumer Protection and Technical Regulatory Authority
The Consumer Protection and Technical Regulatory AuthorityEconomic Cooperation UnitConsumer and Business Councelling DepartmentEndla 10A, 10122 Tallinn
Liikenne- ja viestintävirasto TraficomFinnish Transport and Communications Agency Traficom
Bundesministerium für Wirtschaft und KlimaschutzFederal Ministry for Economic Affairs and Climate Action
Ministro per l'innovazione tecnologica e la transizione digitalePresidency of the Council of Ministers Department for Digital Transformation
Largo Pietro di Brazzà, 86 00187Roma
Ministro per l’innovazione tecnologica e la transizione digitaleit
Lietuvos Respublikos ekonomikos ir inovacijų ministerijaMinistry of the Economy and Innovation of the Republic of Lithuania
Gedimino Ave. 38, 01104 Vilnius, Lithuania
Europos sąjungos dokumentailt
Le Service des médias, de la connectivité et des communicationsThe Department of Media, Connectivity and Digital Policy
Protection des donnéesfr
Ministerie van Economische Zaken en KlimaatThe Ministry of Economic Affairs and Climate Policy
Cyfryzacja KPRMDigital Affairs – Chancellery of the Prime Minister
Ministerstvo investícií, regionálneho rozvoja a informatizácie Slovenskej republiky slúžiMinistry of Investments, Regional Development and Informatization of the Slovak Republic
Ministrstvo za javno upravoMinistry of Public Administration
Tržaška cesta 211000 Ljubljana
Ministerio de Asuntos Económicos y Transformación DigitalMinistry of Economic Affairs and Digital Transformation
P. de la Castellana 162C.P. 28046 Madrid
Libre circulación de datos no personales en la Unión Europeaes
KommerskollegiumNational Board of Trade Sweden
Nya datalokaliseringskrav ska anmälas enligt dataflödesförordningensv

Need support from assistance services?

Get in touch with specialised assistance services

Do you have questions on operating a business cross-border, for example exporting or expanding to another EU country? If so, the Enterprise Europe Network can give you free advice.

You can also use the assistance service finder to find the right help for you.

Share this page: