German law prohibits data being held outside the country
I agree that "German law prohibits data being held outside the country at all" but I found interesting projects that addressed this challenge.
One project included incoming source data from various European banking entities, and existing data within those systems, which would be consolidated in one European country. The project achieved targeted compliance with EU Cross Border Data Security laws, Datenschutzgesetz 2000 - DSG 2000 in Austria, and Bundesdatenschutzgesetz in Germany by using a data tokenization approach, protecting the data before sending and storing it in the cloud.
This new approach to data privacy is described in a report from the Aberdeen Group that revealed that "tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data.
This new technology development makes it easy to store data outside the domestic borders and at the same time be compliance to regulations and also ensure that the data remains secure and private.
Ulf Mattsson, CTO Protegrity