Express consent is not required from a general data protection perspective. Under Spanish financial legislation, to the extent customer data is encrypted (and, therefore, inaccessible), sharing/hosting/processing and moving data to the cloud would not entail a breach of the confidentiality and nondisclosure obligation.