News

Do you know where your cloud data is stored?

Wed, 07/10/2015 - 09:35
Cloud Services

Since yesterday's ruling by the European Court of Justice that the 15-year old so called 'EU-US SafeHarbour Agreement' is invalid, organisations within the EU will be evaluating their use of US-based cloud services to determine whether they are compliant with data protection regulations.

The Safeharbour Agreement made between the EC and US, attempted to provide reassurances that EU citizens' data and privacy would be protected if transferred by US companies to the US. The agreement enabled US companies to self-certify that they would adequately protect EU citizens' data.

The ruling invalidating the agreement comes on the on the back of the Edward Snowden revelations, which revealed that US security services were able to gain unlimited access to any data that had been transferred to the US from the EU, even if there was no identified or suspected threat to national security.

So what impact will this have?

Within hours of yesterday's news, US-based cloud providers were scrambling to limit any fallout. Some of these companies are making available a "data processing addendum" that incorporates the European Commission's standard contractual clauses, commonly referred to as "model clauses". This should help to reassure customers in the short term that their data transfers will be validated and continue to have (potentially) the same level of protection currently observed under EU data protection laws.

In addition, a new safeharbour agreement is being negotiated between the US and EU but after two years of discussion, is proving difficult to ratify. In light of yesterday's ruling, these discussions will no doubt have a renewed urgency.

The impending replacement for the Data Protection Act 1998, called GDPR (General Data Protection Regulations) is also nearing publication and this will provide long-term protection for the processing of data relating to EU citizens.

How the US and US-based cloud service providers react to yesterday's "invalid" news and the impact this ruling has on legislation, will undoubtedly shape the delivery of global cloud services in the future.

Is Redstor affected?

No. Whilst Redstor is a global provider of software and services, Redstor is not US-owned and works closely with all clients, regardless of geographic location to ensure their sovereignty requirements are met. In addition, our services feature strong encryption and customers are in control of the encryption key, meaning that only they have the ability to decrypt their data.

Recent Articles

Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organisations and... read more

May 16, 2018
Redstor_Equifax_leak_blog Disaster Recovery

Equifax – The Breach That Keeps Getting Bigger

Last year in September 2017 Equifax revealed that they had numerous data files stolen by hackers. The Credit Ratings agency initially at the time... read more

May 15, 2018
Redstor_future_lawyer_summit_blog Redstor

Redstor Looking Ahead At The Future Lawyer Summit

On the 29th May, representatives from Redstor will attend London’s Future Lawyer Summit, a highly regarded conference, as an exhibitor. The one-day... read more

May 11, 2018