Cloud Computing

UK and European Data Protection Rules have a considerable effect on outsourcing decisions

16th April 2013

Organisations are storing large volumes of information that is subject to both UK and European data protection laws meaning they must pay close attention to how and where that data is stored and processed in the event of its migration to an external cloud service platform.

A business located in the UK for example is subject to the Data Protection Act 1998, which includes an obligation that the customer retains close control over its personal data, even when it is being processed by a third party on its behalf, and retains legal responsibility for that data’s integrity.

Whilst EU law does not prohibit the transfer of personal data outside the European Economic Area (EEA), which includes all the countries in the European Union as well as Iceland, Liechtenstein and Norway, it does insist that there are adequate data protection safeguards in place before that processing takes place, unless the destination country has been pre-approved as having adequate data protection by the European Commission, including measures to ensure it is properly isolated and deleted when appropriate.

Any external cloud service provider trusted to handle company information must therefore be able to demonstrate adherence to any relevant data protection rules and provide visibility into security, storage and data retention processes, potentially allowing information security monitoring and audits and linking external hosted systems to on-premises platforms within broader hybrid cloud service delivery via secure network links such as virtual private networks (VPNs).

Companies should work closely with the provider to establish the exact details of service policies, processes and controls which determine how their personal data will be kept secure and establish safeguards to ensure information is stored in line with applicable laws.

A high percentage of stored data is subject to privacy legislation

A high percentage of stored data is subject to privacy legislation

Download the full Cloud Workload Migration White Paper

Keith Tilley is Executive Vice President for global sales and customer services, responsible for ensuring we meet our customers’ business objectives and achieve our goals by geography and account. Keith is also responsible for sales, marketing, consulting and customer services. His 35-plus years of business expertise keep Sungard Availability Services operating at the top its field around the world. Keith joined Sungard AS in November 2001 when the Company acquired Comdisco. Prior to that, he worked for Failsafe Roc Ltd., Istel and Rover Cars – progressing from the IT department to operations manager then moving into various commercial and product management roles. Initially working as business development director in the UK for FailSafe ROC, Keith has held roles in marketing, business development and service delivery before becoming managing director for Comdisco’s UK and European operations. During this time Keith managed the expansion of the business from a single line in only two locations, to multiple platforms and services including high availability and web services across nearly 30 facilities throughout Europe and India. Keith is a Chartered Director and is a co-opted member of the Confederation of British Industry’s South East Council, as well as vice-chair of Intellect’s membership committee.


There are no comments.