“Where is my data?” is a common worry, and not without reason. In recent months there have been significant changes in the rules for storing and managing data. Firstly, the European Court of Justice ruled that the Safe Harbor agreement, by which EU organisations could allow their data to be stored in US centres that met European standards, was invalid.
This combines with recent stories of the US security services’ intrusions into online data sources, which have raised fears that personal information is not safe from prying eyes unless kept closer to home. This means it is no longer a valid option to turn to multinational cloud service providers using US data centres for EU customers.
Secondly, the European Parliament has taken the conclusive steps towards passing a new Data Protection Regulation9, likely to come into force in early 2018, imposing a number of strict requirements on public and private sector organisations. These include providing people with better information on what happens to their personal data when it is shared, a right to erase personal data, a right to object to its processing, and safeguards for its archiving and use in research. In addition, multinationals will be subject to one national regulator, based on where they have their main establishment.
This is likely to focus minds on keeping data closer to home, and attaching more importance to the use of domestic data centres. Cloud providers that can show all the data remains in the UK will provide the advantages of making it easier to visit their facilities, being subject to the same national regulator, and ensuring that an organisation is fully compliant with the legal framework.