Data protection has become a major concern for organizations of all sizes, whether public or private. Faced with a steady increase in cyber-attacks and the risk of data leakage, it is imperative to adopt robust IT security strategies. The hosting of computer data and the software used in day-to-day business activities play a major role in the risks incurred. Careful selection can significantly reduce vulnerabilities and offer solid protection against these increasingly sophisticated threats.

Hosting your data

The choice of a data hosting provider should not be based solely on performance, availability and scalability. Security and compliance aspects must be considered as a sine qua non, as well as aspects related to the hosting country.

• Security and compliance: the hosting provider must offer robust security measures to protect your data against intrusion, loss and leakage. Look for recognized security certifications, and make sure the hosting provider meets the compliance standards specific to your industry.

  The ISO/IEC 27001:2013 standard establishes a set of criteria designed to help entities secure their assets, including people, infrastructure and reputational information. The standard is applicable to any organization, regardless of its size, field of activity or sector, and represents the most universally recognized method for managing information security.

• Hosting location: the country of the hosting provider is crucial for several reasons:

  • GDPR and FADP legal compliance: data protection laws vary from country to country. Hosting your data in a country with strict data protection standards can help ensure compliance with applicable regulations, such as GDPR in Europe or FADP in Switzerland.
  • Data sovereignty: some countries impose restrictions on the transfer of data beyond their borders, which may affect your ability to access or transfer your own data. This ensures that European countries are not dependent on non-European suppliers, who may be subject to conflicting foreign legislation (such as the US Cloud Act), which could compromise the security and confidentiality of European data.

In particular, you are advised to be vigilant with regard to countries that do not have strong data protection laws or are known for their extensive government surveillance:

• Without strong data protection legislation: countries without strict data protection laws or a clear regulatory framework may expose your data to confidentiality and security risks.
• With extensive government surveillance: some countries are known for their intrusive state surveillance, which could compromise the confidentiality and integrity of your data.

Hosting in the USA for a Swiss or European company: good or bad idea?

Hosting data in the USA presents specific challenges for Swiss and European companies, mainly due to the differences in data protection regulations between Europe (including Switzerland) and the USA.

1. Different regulatory framework: the US does not offer the same level of personal data protection as the GDPR in Europe or Swiss data protection laws. This can create complications for Swiss or European companies in terms of legal compliance. 2. Surveillance laws: the United States has laws that allow governments to access data stored on its territory as part of investigations. This includes laws such as the Patriot Act and the Cloud Act, which can compel cloud service providers to disclose data, including that belonging to foreign entities, to US government agencies. 3. International data transfers: for European and Swiss companies, transferring personal data to the USA requires ensuring that this data will benefit from an adequate level of protection. This may involve setting up standard contractual clauses, binding corporate rules or other legal mechanisms to ensure compliance with the GDPR.

What role does the softwares you use play?

Your server hosting may have been carefully selected, but what about the data available in the many software applications used by your staff?

Today, the use of software is virtually indispensable to business development. Payroll management software, CRM for customer follow-up, marketing platforms for campaign management, task managers, instant messaging software, and so on. All these tools enable optimal management of business activities, as well as smooth and efficient collaboration. However, each of them stores personal and potentially sensitive information about the company's customers, users and collaborators, representing a security risk.

This means that the softwares they use must be chosen with the utmost care to guarantee compliance.

This means asking precise questions about how the software collects, processes and stores personal data. It's also important to check whether the supplier offers features that make it easy to manage users' rights, such as the right to be forgotten, data access and data portability.

How to choose secure, GDPR- and FADP-compliant software.

1. Give preference to transparent and cooperative suppliers

Choose suppliers who are transparent about their data protection practices and willing to cooperate to ensure compliance. This can include providing detailed documentation on data security and compliance measures, as well as support in the event of an audit or inspection by data protection authorities.

2. Ensuring data security

Compliance doesn't stop at privacy; it also encompasses data security. Make sure that the software you choose offers solid security guarantees, such as encryption of data in transit, regular backups on a second server, and protection against unauthorized access. These days, for example, it's unimaginable to connect to a cloud service that doesn't use HTTPS (hypertext Transfer Protocol Secure) or offer 2FA (two-factor authentication).

3. Choose software that hosts its data in Europe

For the same reasons that you should choose to locate your servers in Switzerland or Europe, it's a good idea to choose software that follows this strategy. By hosting their data in the EU, companies can ensure that they comply with EU directives, thereby avoiding potential sanctions which can be particularly severe. They also avoid conflicts of data sovereignty and boost user confidence.

The little extra: support for the Swiss and European technology sector

Choosing Europe as the location for data hosting offers significant economic advantages. Firstly, it stimulates the local economy by promoting the development of digital infrastructures and data centers, and creating jobs in the technology sector. Secondly, it encourages innovation by providing startups and enterprises with secure, regulated access to crucial data, facilitating the development of new technologies and services. In addition, the existence of a clear regulatory framework and the geographical proximity of data centers can improve the performance and responsiveness of online services.

Now that you know everything, why not do a little audit of the software used by your company?

• Are they hosted in Switzerland? In Europe? In the USA?
• Are their data centers ISO 27001 certified?
• Do they have independent audit certificates (e.g. SOC 2 Type II)?
• Do they use HTTPS protocol for Cloud software?

Click here to find out more about WEDO's commitment to safety.