Knowledge for policy
Publication 8 July 2019

Regulation on the free flow of non-personal data

The Regulation, applicable as of 28 May 2019, aims at removing obstacles to the free movement of non-personal data across Member States and IT systems in Europe.

The Regulation ensures:

  • Free movement of non-personal data across borders: every organisation should be able to store and process data anywhere in the European Union,
  • The availability of data for regulatory control: public authorities will retain access to data, also when it is located in another Member State or when it is stored or processed in the cloud,
  • Easier switching of cloud service providers for professional users. The Commission has started facilitating self-regulation in this area, encouraging providers to develop codes of conduct regarding the conditions under which users can port data between cloud service providers and back into their own IT environments,
  • Full consistency and synergies with the cybersecurity package, and clarification that any security requirements that already apply to businesses storing and processing data will continue to do so when they store or process data across borders in the EU or in the cloud.