1. Meet all the requirements of the GDPR The Dutch requirements for secure data storage are very strict. And for many standards and certificates, you have to meet these requirements. The fact that Microsoft or Google are building data centers in the Netherlands does not mean that they instantly comply with the GDPR. They fall out of it. The rules apply to the location of the mother company and not to the physical location of the servers.