How Elastisys works with UpCloud to ensure GDPR compliance for its customers

As one of UpCloud’s fastest-growing partners, Elastisys delivers a security-hardened Kubernetes platform that is built for EU compliance as well as fully managed on European cloud servers.

We spoke to Johan Tordsson, CEO of Elastisys, to explore how the partnership works and why European businesses must ensure they run on a European-based cloud platform to satisfy GDPR concerns.

In order to add as much value as possible for our customers, UpCloud partners with other European cloud-native companies to ensure the most reliable service and industry-leading data security.

As a Sweden-based company, data security is of the utmost importance to Elastisys, just as it is for UpCloud. 

Elastisys is a fully managed Kubernetes service provider which hosts cloud-native solutions for clients. They enable public sector vendors and those in MedTech, Edtech, Fintech or other such areas that handle sensitive personal data – so it’s vital that they maintain the highest security standards, and imperative they run on a European cloud like UpCloud’s to ensure compliance with EU regulations. 

GDPR Compliance

Customers of both companies require their cloud service providers to ensure that data is kept safe and secure. And crucially, they also need to be able to prove this to their own customers, who are increasingly asking questions about where their data is hosted. 

“GDPR and European data protection laws may seem complicated, but this is a basic legal requirement,” said Tordsson. “As a European citizen, you own the right to your data and can choose what purposes that can be used for. And after many complicated legal cases, it’s now clear that the only proper way to ensure that you are GDPR compliant is to run on a European-owned cloud, preferably with data centres located in Europe.

“GDPR has real-world implications, too. For example, in Sweden, anyone providing software to public sector organisations will always be asked, ‘So, who is your cloud provider? And is this a European company?’ That’s simply a hard requirement for doing business in the public sector in Sweden.”

Johan Tordsson, CEO of Elastisys

For a non-technical audience, data security seems like a complex but important issue. The reality is that rigorous processes must be put in place to ensure this security, and Tordsson explains the work that goes into this behind the scenes: 

“Keeping data secure requires the classic ‘CIA’ triangle of ‘confidentiality, integrity and availability’. 

“There really is no silver bullet here. There are a lot of different mechanisms needed and if you actually want to have data available, you need to have backups. But your backups are only as good as your disaster recovery capabilities. So, you need to practise these recurrently because unfortunately, that’s the only way you’ll get good backups.

“These are ultimately boring and mundane tasks, but you really need to stay alert in order to get it right.”

A partnership that benefits the end-user

But the partnership between Elastisys and UpCloud extends beyond data security. 

Because finding the right partnership is of paramount importance, and both companies rigorously assess each collaboration to make sure they are compatible.

“When it comes to ensuring we remain as effective and efficient as possible, we have an extensive partner compliance programme where we’re looking at everything from legal requirements, all the way to in-depth technical audits,” said Tordsson.

“We value collaborative discussions on everything, from product owners ensuring roadmap alignment, to how operations teams will work together. It’s important for clarifying expectations, so for example, what kind of Service Level Agreements (SLA) can we get if things break in the middle of the night? What are the response times going to be?”

UpCloud offers 100% SLA which is critical to partners when running their customers’ business-critical environments.

“For us, the partnership is a holistic one. It’s important to be able to define how we work together in case of incidents, what kind of post-mortems can we do if something goes wrong? 

“In order for collaborations to work effectively, they need to have proper demarcation and understanding of the respective responsibilities.

“In the end, we want our customers to be successful and we don’t want to end up in some sort of blame game. We work closely with UpCloud in a ‘no shame’ manner to deliver the best service to our customers.”

The rise of Kubernetes

More and more businesses are beginning to use Kubernetes to deploy and manage their applications on the cloud, which is in turn leading to growth for Elastisys.

Kubernetes is a modern technology that helps users automate, deploy, and scale their cloud applications, and it is updating all the time. This means businesses need to be able to stay on top of progress in order to have the best services.

UpCloud and Elastisys are committed to helping customers with the complexities of managing a cloud-native computing environment. This close partnership gives customers the flexibility to manage their own data usage and be secure and compliant. 

“This technology is moving at a very fast pace,” said Tordsson. “Kubernetes comes with multiple new releases every year, and the lifetime is very short. So, if you’re running something like Ubuntu / Linux, you can stay with the old version for five years. Postgres has a 10-year end-of-life, but with Kubernetes, we are talking about 18 months and then your platform is unsupported for all security patches. 

“There’s a high level of innovation in this space, which comes with benefits – but also an increased burden on operation.”

Get in touch and learn how your business can benefit from using UpCloud solutions.

Janne Ruostemaa


Operating in the EU? – Why a European-based cloud platform is the right choice

In today’s interconnected and online world, cloud computing has become the backbone of modern businesses – offering scalable and efficient solutions for storage, processing and collaboration. However, for European businesses and any business operating within the European market, the choice of cloud platform goes beyond mere functionality.  2018 saw the introduction of General Data Protection […]

Data Sovereignty

GDPR, ISO 27001 and CISPE Code of Conduct: a guide to European compliance with UpCloud

Headquartered in Helsinki, UpCloud stands at the forefront of the European cloud infrastructure industry, rooted in Finnish traditions of technical and business excellence. Every customer who chooses to partner with us isn’t just selecting a cloud hosting solution; they’re placing their business, their confidence, and their aspirations in the hands of a certified Cloud Service […]


Data Sovereignty

European Cloud: The cornerstone of GDPR Compliant Data Protection

In today’s digital era, ensuring data privacy and security is paramount for businesses worldwide. However, with the 2018 introduction of General Data Protection Regulation (GDPR), companies operating within the EU are bound by strict guidelines to protect the personal data of their customers.  Establishing the highest levels of data privacy and security should be one […]

Data Sovereignty

Back to top