"company officers can be imprisoned."
That is not true:
https://www.whitecase.com/publications/alert/new-eu-guidelines-data-protection-officers
"the GDPR does not lead to individual liability of the DPO for non-compliance by the business"
The cloud provider I have checked didn't accept responsibility for fines if data leaks because of errors on their side. However they claim they fully comply of course..
In other words: Storing your data elsewhere can be very risky since you have to take full responsibility for your suppliers.
Biting the hand that feeds IT
