News

Do you know where your cloud data is stored?

Wed, 07/10/2015 - 09:35
Cloud Services

Since yesterday's ruling by the European Court of Justice that the 15-year old so called 'EU-US SafeHarbour Agreement' is invalid, organisations within the EU will be evaluating their use of US-based cloud services to determine whether they are compliant with data protection regulations.

The Safeharbour Agreement made between the EC and US, attempted to provide reassurances that EU citizens' data and privacy would be protected if transferred by US companies to the US. The agreement enabled US companies to self-certify that they would adequately protect EU citizens' data.

The ruling invalidating the agreement comes on the on the back of the Edward Snowden revelations, which revealed that US security services were able to gain unlimited access to any data that had been transferred to the US from the EU, even if there was no identified or suspected threat to national security.

So what impact will this have?

Within hours of yesterday's news, US-based cloud providers were scrambling to limit any fallout. Some of these companies are making available a "data processing addendum" that incorporates the European Commission's standard contractual clauses, commonly referred to as "model clauses". This should help to reassure customers in the short term that their data transfers will be validated and continue to have (potentially) the same level of protection currently observed under EU data protection laws.

In addition, a new safeharbour agreement is being negotiated between the US and EU but after two years of discussion, is proving difficult to ratify. In light of yesterday's ruling, these discussions will no doubt have a renewed urgency.

The impending replacement for the Data Protection Act 1998, called GDPR (General Data Protection Regulations) is also nearing publication and this will provide long-term protection for the processing of data relating to EU citizens.

How the US and US-based cloud service providers react to yesterday's "invalid" news and the impact this ruling has on legislation, will undoubtedly shape the delivery of global cloud services in the future.

Is Redstor affected?

No. Whilst Redstor is a global provider of software and services, Redstor is not US-owned and works closely with all clients, regardless of geographic location to ensure their sovereignty requirements are met. In addition, our services feature strong encryption and customers are in control of the encryption key, meaning that only they have the ability to decrypt their data.

Recent Articles

Redstor_Ransomware_Typewriters_blog Ransomware

Latest Ransomware Attacks Leave Organisation Working On Typewriters

Ransomware is a threat to all organizations and has been prevalent for a number of years. Although recent reports suggest that organizations are no... read more

August 09, 2018
Redstor_Reddit_blog Ransomware

Two-factor Becomes Hack-factor In Reddit Attack

The last few years have seen a number of high profile hacks, each growing in complexity and affecting masses of people. Strains of ransomware have... read more

August 07, 2018
Redstor_Dixons_super-breach_blog Disaster Recovery

Dixons Breach Becomes Super-breach Following Review

Earlier this year high street electronics firm Dixons Carphone revealed that a data breach had occurred the previous year, effecting over 1 million... read more

August 02, 2018