Cloud storage and applications have become a popular way for organisations to cut their I.T. costs and still be able to access the tools they need to work efficiently. Many of these services are provided by US-based organisations, synchronising data between distributed datacentres across the world to ensure that the information is always available, protected against loss in the event of a local disaster.
These services often mean that personal data would be synchronised outside EU jurisdiction – a process that would normally be considered illegal as the law currently forbids movement of personal data beyond European Community borders. However, a framework known as the Safe Harbor Agreement meant that US organisations could self-certify their compliance with EU data protection laws, allowing them to move data to the US without risk of prosecution.
A recent decision by the European Court of Justice, regarding the efficacy of the Safe Harbor agreement, has profound consequences for businesses across the UK and beyond. The court ruled that Safe Harbor compliance was not providing sufficient protection for personal data, and US Cloud service providers were effectively made illegal with immediate effect. UK businesses could now potentially be prosecuted for continuing to use US-based services.
Microsoft already has the answer
The simplest answer to this problem is to choose a service that uses datacentres in the EU, and never replicates data beyond European borders. Fortunately, both the Microsoft Azure Cloud computing platform and Office 365 services are already set up to keep personal data here in the EU.
Preparing for the future
The EU working party has already run into problems, with the German data protection agency now starting compliance investigations, despite the agreed three-month moratorium. Such moves suggest that the ban on personal data transfers to the US may remain in place for the foreseeable future.
For any business considering the adoption of Cloud storage or software, it makes sense to avoid any such problems in future by choosing an EU-based provider like Microsoft. Any organisation already using Cloud systems should conduct a review of providers and their data storage provisions to assess how it can comply in the event that the repeal of Safe Harbor is upheld.
For further help and advice about avoiding Safe Harbor issues, or to migrate away from a non-compliant service to a Microsoft alternative, please give the expert team at Complete I.T. a call, and we’ll be happy to help.