
Free flow of non-personal data

You - as an individual, business or organisation - have the right to use, collect, store, transfer or manage non-personal data, and to use data centres or cloud services anywhere in the EU.

This can help you avoid any potential duplication of costs; for example, you can centralise your IT infrastructure in one EU country, even if you operate in multiple countries.

Personal data, non-personal data and mixed datasets

Personal data is any information about an identified or identifiable person and follows GDPR rules.

Non-personal datasets refer to:

  • data which does not relate to an identified or identifiable natural person, such as data on weather conditions
  • data which was initially personal data, but was later made anonymous and cannot be attributed in any way to a specific person

Mixed datasets are collections of personal and non-personal data such as a company’s tax record, mentioning the name and telephone number of the managing director of the company. In most cases, the personal and non-personal data in mixed datasets are inextricably linked. If you handle such mixed datasets, you must follow GDPR rules.

You can store your data anywhere in the EU, including on cloud servers

Apart from the exceptional cases explained below, you can choose the location where data is stored or processed.

If you use a cloud service to store your data, you should be able to easily change cloud service providers, or port the data back in-house to your own IT system. Several cloud service providers have signed a code of conduct to guarantee this. You can access the list of service providers and the code of conduct on the website of the Cloud switching and porting data association (SWIPO).

Data localisation requirements in the EU

In exceptional cases, EU countries may be able to restrict the movement of certain data, but only if justified on the grounds of public security. Such a justification could be, for example, when data relates to ongoing counter-terrorism investigations, or when loss of data could risk a major traffic accident (such as for air traffic control data). These exceptions depend on national legislation. The EU regulation on the free flow of non-personal data gives access to information about such data localisation restrictions.

National information and contact points

The EU regulation on the free flow of non-personal data outlines two information points that EU countries must provide:

  • “Single information point” refers to an official website with national information about the data localisation restrictions and requirements.
  • “Single point of contact” refers to a physical address and/or an email that you can contact for further information.

In the Ask national administrations section below you will find the single information point and single point of contact at each national level.

Sharing data with competent authorities

You must make data available if a competent authority makes a legitimate request to access your data, even if the data is managed or stored in another EU country. Penalties may be issued for non-compliance in accordance with national law.

EU legislation

Need support from assistance services?

Get in touch with specialised assistance services

Do you have questions on operating a business cross-border, for example exporting or expanding to another EU country? If so, the Enterprise Europe Network can give you free advice.

You can also use the assistance service finder to find the right help for you.

Last checked: 12/02/2024