The E.U. Data Protection Directive (95/46/EC) sets a baseline for handling personal data in the European Union. The E.U. has stricter privacy rules than the U.S. and most other countries. To allow for the continuous flow of information required by international business (including cross-border transfer of personal data), the European Commission reached an agreement with the U.S. Department of Commerce whereby U.S. organizations can self-certify as complying with the Safe Harbor Framework. Microsoft is Safe Harbor certified under the U.S. Department of Commerce.
The Safe Harbor certification allows for the legal transfer of E.U. personal data outside the E.U. to Microsoft for processing. Under the E.U. Data Protection Directive and Microsoft’s contractual agreement, Microsoft acts as the data processor, whereas the customer is the data controller with the final ownership of the data and responsibility under the law for making sure that data can be legally transferred to Microsoft. It is important to note that Microsoft will transfer E.U. Customer Data outside the E.U. only under very limited circumstances. See the Location of Data section for details.
Data Processing Agreement
Auditdata has entered into the Data Processing Agreement, which is mandatory under Danish Data Protection Law, with Microsoft in the role of Data Processor. The agreement details Microsoft’s compliance with the E.U. Data Protection Directive and related security requirements for Windows Azure core features within ISO/IEC 27001:2013 scope.
E.U. Model Contractual Clauses provide additional contractual guarantees around transfers of personal data for Windows Azure core features within ISO/IEC 27001:2013 scope.
Customer Data Processing Agreement. Due to the nature of the data processed by the Strato service (sensitive personal data), use of the service in most geographical locations falls within national or regional data protection legislation. To support Strato customers’ compliance needs, Auditdata offers Strato customers a Data Processing Agreement which details Auditdata’s compliance with the E.U. Data Protection Directive and related security requirements for Auditdata’s Cloud Operations unit and the Strato core features within ISO/IEC 27001:2013 scope.
Registered Strato customers can request the customer data processing agreement at firstname.lastname@example.org.