News

Do you know where your cloud data is stored?

Wed, 07/10/2015 - 09:35
Cloud Services

Since yesterday's ruling by the European Court of Justice that the 15-year old so called 'EU-US SafeHarbour Agreement' is invalid, organisations within the EU will be evaluating their use of US-based cloud services to determine whether they are compliant with data protection regulations.

The Safeharbour Agreement made between the EC and US, attempted to provide reassurances that EU citizens' data and privacy would be protected if transferred by US companies to the US. The agreement enabled US companies to self-certify that they would adequately protect EU citizens' data.

The ruling invalidating the agreement comes on the on the back of the Edward Snowden revelations, which revealed that US security services were able to gain unlimited access to any data that had been transferred to the US from the EU, even if there was no identified or suspected threat to national security.

So what impact will this have?

Within hours of yesterday's news, US-based cloud providers were scrambling to limit any fallout. Some of these companies are making available a "data processing addendum" that incorporates the European Commission's standard contractual clauses, commonly referred to as "model clauses". This should help to reassure customers in the short term that their data transfers will be validated and continue to have (potentially) the same level of protection currently observed under EU data protection laws.

In addition, a new safeharbour agreement is being negotiated between the US and EU but after two years of discussion, is proving difficult to ratify. In light of yesterday's ruling, these discussions will no doubt have a renewed urgency.

The impending replacement for the Data Protection Act 1998, called GDPR (General Data Protection Regulations) is also nearing publication and this will provide long-term protection for the processing of data relating to EU citizens.

How the US and US-based cloud service providers react to yesterday's "invalid" news and the impact this ruling has on legislation, will undoubtedly shape the delivery of global cloud services in the future.

Is Redstor affected?

No. Whilst Redstor is a global provider of software and services, Redstor is not US-owned and works closely with all clients, regardless of geographic location to ensure their sovereignty requirements are met. In addition, our services feature strong encryption and customers are in control of the encryption key, meaning that only they have the ability to decrypt their data.

Recent Articles

Redstor_GDPR_Arrival_blog Data Management

G-day Is Here!

The wait is over. The period for becoming compliant has finished and the General Data Protection Regulation (GDPR) is now in full effect.... read more

May 24, 2018
Redstor_Cloud_data_blog Online Backup

Is Your Cloud Data As Safe As You Think?

Cloud technology is fast becoming a stable in the IT strategies of all modern businesses. Well-known benefits like flexible and rapid deployment help... read more

May 22, 2018
Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organizations and... read more

May 16, 2018