Last checked: 29/07/2020

Using, storing and transferring data

Affected by Brexit?

You - as an individual, business or organisation - have the right to use, collect, store, transfer or manage non-personal data, and to use data centres or cloud services anywhere in the EU (In this case, the 28 EU member states + Iceland, Norway and Liechtenstein).

This can help you avoid any potential duplication of costs; for example, you can centralise your IT infrastructure in one EU country, even if you operate in multiple countries.

What is non-personal data?

Non-personal data is information that cannot be linked to an identified or identifiable person, such as data:

Personal data and mixed data sets

The rules for dealing with personal data differ from those for non-personal data. You can read more about personal data and the data protection rules on the GDPR page.

Personal and non-personal data are often collected and stored together; this is known as mixed data. If you handle mixed datasets, the same level of protection as personal data applies. Find out more about mixed data sets and how to manage them.

You can store your data anywhere in the EU, including on cloud servers

Apart from the exceptional cases explained below, you can choose the location where data is stored or processed.

If you use a cloud service to store your data, you should be able to easily change cloud service providers, or port the data back in-house to your own IT system.

To ensure this, several cloud service providers have joined the Cloud Switching and Porting Data (SWIPO) code of conduct. Find out more about this here.

Restrictions on free movement of data in the EU

In exceptional cases, EU countries may be able to restrict the location of certain data, but only if justified on the grounds of public security, for example, when data relates to ongoing counter-terrorism investigations, or when loss of data could risk a major traffic accident (such as for air traffic control data).

Check if the country you are based in, or where you intend to expand your business to, has any restrictions on storing data abroad.

Choose country:

  • Austria*at
  • Belgium*be
  • Bulgaria*bg
  • Croatia*cr
  • Cyprus*cy
  • Czechia*cz
  • Denmarkdken
  • Estonia*ee
  • Finlandfien
  • France*fr
  • Germany*de
  • Greece*gr
  • Hungary*hu
  • Iceland*is
  • Ireland*ie
  • Italy*it
  • Latvia*lv
  • Liechtenstein*li
  • Lithuanialt
  • Luxembourg*lu
  • Malta*mt
  • Netherlands*nl
  • Norway*no
  • Polandplen
  • Portugal*pt
  • Romania*ro
  • Slovakia*sk
  • Sloveniasisl
  • Spaineses
  • Swedensesv
  • Switzerland*ch
  • United Kingdom*uk

If you need more information on other rules for using, storing and transferring data in a specific country or on the Regulation you can ask the national contact points.

Sharing data with competent authorities

You must make data available if a competent authority makes a legitimate request to access your data, even if the data is managed or stored in another EU country. Penalties may be issued for non-compliance in accordance with national law.

EU legislation

Need more information on rules in a specific country?

Choose country
  • Greecegr
  • Hungaryhu
  • Icelandis
  • Irelandie
  • Italyit
  • Latvialv
  • Liechtensteinli
  • Lithuanialt
  • Luxembourglu
  • Maltamt
  • Netherlandsnl

Need support from assistance services?

Get in touch with specialised assistance services

Local business support

Do you have questions on operating a business cross-border, for example exporting or expanding to another EU country? If so, the Enterprise Europe Network can give you free advice.

Share this page: