Free flow of non-personal data

You - as an individual, business or organisation - have the right to use, collect, store, transfer or manage non-personal data, and to use data centres or cloud services anywhere in the EU.

This can help you avoid any potential duplication of costs; for example, you can centralise your IT infrastructure in one EU country, even if you operate in multiple countries.

Personal data, non-personal data and mixed datasets

Personal data is any information about an identified or identifiable person and follows GDPR rules.

Non-personal datasets refer to:

  • data which does not relate to an identified or identifiable natural person, such as data on weather conditions
  • data which was initially personal data, but was later made anonymous and cannot be attributed in any way to a specific person

Mixed datasets are collections of personal and non-personal data such as a company’s tax record, mentioning the name and telephone number of the managing director of the company. In most cases, the personal and non-personal data in mixed datasets are inextricably linked. If you handle such mixed datasets, you must follow GDPR rules.

You can store your data anywhere in the EU, including on cloud servers

Apart from the exceptional cases explained below, you can choose the location where data is stored or processed.

If you use a cloud service to store your data, you should be able to easily change cloud service providers, or port the data back in-house to your own IT system. Several cloud service providers have a signed a code of conduct to guarantee this. You can access the list of service providers and the code of conduct on the website of the Cloud switching and porting data association (SWIPO).

Data localisation requirements in the EU

In exceptional cases, EU countries may be able to restrict the movement of certain data, but only if justified on the grounds of public security. Such a justification could be, for example, when data relates to ongoing counter-terrorism investigations, or when loss of data could risk a major traffic accident (such as for air traffic control data). These exceptions depend on national legislation. The EU regulation on the free flow of non-personal data gives access to information about such data localisations restrictions.

National information and contact points

The EU regulation on the free flow of non-personal data outlines two information points that EU countries must provide:

  • “Single information point” refers to an official website with national information about the data localisation restrictions and requirements.
  • “Single point of contact” refers to a physical address and/or an email that you can contact for further information.

In the Ask national administrations section below you will find the single information point and single point of contact at each national level.

Sharing data with competent authorities

You must make data available if a competent authority makes a legitimate request to access your data, even if the data is managed or stored in another EU country. Penalties may be issued for non-compliance in accordance with national law.

EU legislation

Need more information on rules in a specific country?

Choose country

Bulgaria

The Ministry of eGovernment

Czechia

Úřad vlády, Oddělení evropské digitální agendy, Sekce pro evropské záležitosti

The Section for European Affairs of the Office of the Government of the Czech Republic

Volný pohyb neosobních dat | BusinessInfo.cz Open as an external link cs

Denmark

Erhvervsstyrelsen

Danish Business Authority

Opbevaring og deling af data Open as an external link da

Estonia

Tarbijakaitse ja Tehnilise Järelevalve Amet

Consumer Protection and Technical Regulatory Authority

The Consumer Protection and Technical Regulatory Authority

Economic Cooperation Unit

Consumer and Business Councelling Department

Endla 10A, 10122 Tallinn

Finland

Liikenne- ja viestintävirasto Traficom

Finnish Transport and Communications Agency Traficom

Germany

Bundesministerium für Wirtschaft und Klimaschutz

Federal Ministry for Economic Affairs and Climate Action

Italy

Ministro per l'innovazione tecnologica e la transizione digitale

Presidency of the Council of Ministers Department for Digital Transformation

Largo Pietro di Brazzà, 86 00187

Roma

Ministro per l’innovazione tecnologica e la transizione digitale Open as an external link it

Lithuania

Lietuvos Respublikos ekonomikos ir inovacijų ministerija

Ministry of the Economy and Innovation of the Republic of Lithuania

Gedimino Ave. 38, 01104 Vilnius, Lithuania

Europos sąjungos dokumentai Open as an external link lt

Luxembourg

Le Service des médias, de la connectivité et des communications

The Department of Media, Connectivity and Digital Policy

Protection des données Open as an external link fr

Netherlands

Ministerie van Economische Zaken en Klimaat

The Ministry of Economic Affairs and Climate Policy

Slovakia

Ministerstvo investícií, regionálneho rozvoja a informatizácie Slovenskej republiky slúži

Ministry of Investments, Regional Development and Informatization of the Slovak Republic

Slovenia

Ministrstvo za javno upravo

Ministry of Public Administration

Tržaška cesta 21

1000 Ljubljana

Spain

Ministerio de Asuntos Económicos y Transformación Digital

Ministry of Economic Affairs and Digital Transformation

P. de la Castellana 162

C.P. 28046 Madrid

Libre circulación de datos no personales en la Unión Europea Open as an external link es

Sweden

Kommerskollegium

National Board of Trade Sweden

Nya datalokaliseringskrav ska anmälas enligt dataflödesförordningen Open as an external link sv

* Information not yet available.

Need support from assistance services?

Get in touch with specialised assistance services

Do you have questions on operating a business cross-border, for example exporting or expanding to another EU country? If so, the Enterprise Europe Network can give you free advice.

You can also use the assistance service finder to find the right help for you.

Last checked: 12/02/2024
Share this page