All businesses have to comply with certain regulations and laws. In some industries, and in some parts of the world, unmanaged compliance quickly becomes a burden on profitability. A business that doesn't take its responsibilities seriously can end up paying fines and losing its hard-earned reputation.
If your business has its offices in the EU, you need to be careful about where your data is stored. With cloud computing, your data could physically sit almost anywhere unless you keep a close eye on the services you're using and the regions they operate in.
What’s Special About Europe?
Globally, all businesses must meet compliance and governance requirements, and this has been a barrier to cloud adoption for many of them. Compliance obligations don't change when you move to the cloud, but the nature of the services you choose, and where they keep your data, affects how hard those obligations are to meet.
In Europe, the Data Protection Directive (the framework in force when this article was written; it has since been replaced by the GDPR, which keeps the same basic restriction) prohibits transferring personal data to countries outside the EU unless the transfer is handled in a compliant manner. At the time of writing, 11 non-EU countries had been formally recognised as providing adequate protection; transfers to all other countries require special care and an additional legal basis.
Choosing a Provider Overseas
When storing data in the cloud, the business remains responsible for that data. It cannot pass the buck to the cloud storage provider. You need to carry out due diligence and ensure the services you choose are fit for purpose.
If you use a US provider, at the time of writing you needed to make sure the provider was a Safe Harbor member subject to Federal Trade Commission oversight. (Safe Harbor was later struck down by the EU Court of Justice in 2015, so this particular basis for transfers no longer applies.) US and EU law also conflict in some areas. Don't assume that the US as a whole is vetted and approved for data protection compliance: it isn't.
There is the added complication of the Patriot Act, the law under which US authorities can compel a US company to hand over data it holds when they have legal grounds to do so. It doesn't matter that the data was generated by, or belongs to, a UK company. If it is held by a US company in US data centres, the Patriot Act applies to it.
The issue of compliance could fill a white paper, or even a book, but one thing is clear: it's immensely complicated. While public cloud and private cloud services sound simple on paper, storing corporate data in them can be problematic, and storing your clients' personal data is riskier still.
With a very large provider, your data may be replicated across multiple locations, in several jurisdictions, without your knowledge. That makes it very hard for a UK business to assess the risk, let alone document it.
As the data controller responsible for security and personal data, you are ultimately in charge of compliance. The fact that your provider does things you don't know about is no excuse: you are expected to have asked.
For UK companies, by far the safest option is to host data within the UK. This is a simple way to make sure your data is stored under the laws that apply to you, and it removes the cross-border transfer question entirely. You still need to vet the provider's security, but with your data in UK storage a whole category of risk, and of potential fines, is taken off the table.