With GAIA-X, representatives from politics, business and science from France and Germany, together with other European partners, create a proposal for the next generation of a data infrastructure for Europe: a secure, federated system that meets the highest standards of digital sovereignty while promoting innovation. This project is the cradle of an open, transparent digital ecosystem, where data and services can be made available, collated and shared in an environment of trust.
In an initial step, 22 French and German companies will set up a non-profit foundation to run Gaia-X, which is not conceived as a direct rival to the "hyperscale" U.S. cloud providers but would instead referee a common set of European rules.
One important concept underpinning Gaia-X is "reversibility", a principle that would allow users to easily switch providers. First services are due to be offered in 2021.
That is already far too late, according to analysts at Gartner, who forecast that the global market for public cloud services will grow by 17% to $228 billion this year. "The leading cloud providers have already moved quickly to build up this market," said Gartner analyst Rene Buest.
Ultimately it's not just certifications and tick boxes, it's how you architect YOUR data within the cloud service that you choose to use to ensure you can deliver business value.
If anything, you just need to beef up the requirements (and corporate liability / penalties) on the Privacy Impact Assessment part of GDPR, and ensure that they are signed off at board-level - so that the board actually asks, understands and is aware of the penalties for non-compliance.
IMHO, then the best way to fix this is that a breach following a PIA that is deemed to be unsuitable means you are automatically liable for the max fine (4% of global revenue) under GDPR, with no top-limit.</ cynicism>