News

Do you know where your cloud data is stored?

Wed, 10/07/2015 - 09:35
Cloud Services

Since yesterday's ruling by the European Court of Justice that the 15-year old so called 'EU-US SafeHarbour Agreement' is invalid, organisations within the EU will be evaluating their use of US-based cloud services to determine whether they are compliant with data protection regulations.

The Safeharbour Agreement made between the EC and US, attempted to provide reassurances that EU citizens' data and privacy would be protected if transferred by US companies to the US. The agreement enabled US companies to self-certify that they would adequately protect EU citizens' data.

The ruling invalidating the agreement comes on the on the back of the Edward Snowden revelations, which revealed that US security services were able to gain unlimited access to any data that had been transferred to the US from the EU, even if there was no identified or suspected threat to national security.

So what impact will this have?

Within hours of yesterday's news, US-based cloud providers were scrambling to limit any fallout. Some of these companies are making available a "data processing addendum" that incorporates the European Commission's standard contractual clauses, commonly referred to as "model clauses". This should help to reassure customers in the short term that their data transfers will be validated and continue to have (potentially) the same level of protection currently observed under EU data protection laws.

In addition, a new safeharbour agreement is being negotiated between the US and EU but after two years of discussion, is proving difficult to ratify. In light of yesterday's ruling, these discussions will no doubt have a renewed urgency.

The impending replacement for the Data Protection Act 1998, called GDPR (General Data Protection Regulations) is also nearing publication and this will provide long-term protection for the processing of data relating to EU citizens.

How the US and US-based cloud service providers react to yesterday's "invalid" news and the impact this ruling has on legislation, will undoubtedly shape the delivery of global cloud services in the future.

Is Redstor affected?

No. Whilst Redstor is a global provider of software and services, Redstor is not US-owned and works closely with all clients, regardless of geographic location to ensure their sovereignty requirements are met. In addition, our services feature strong encryption and customers are in control of the encryption key, meaning that only they have the ability to decrypt their data.

Recent Articles

Redstor_Alternative_accountancy_strategic_blog Redstor

Redstor Accounting For Financial Data Backups at The Alternative Accountancy Strategic IT Conference 2018

Continuing from a series of events in the first two months of the year, Redstor will be in attendance of this years, Alternative Accountancy... read more

February 20, 2018
Redstor_CryptoJacking_blog Data Protection

Crypto-jacker Leaves ICO In Its Wake

Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all... read more

February 15, 2018
Redstor_100Days_to_GDPR Data Protection

100 Days To Go…

Wednesday 14th February 2018, valentine’s day, but more significantly it’s 100 days until G-day. May 25th, 2018, the day on which The General Data... read more

February 14, 2018