UK and European Data Protection Rules have a considerable effect on outsourcing decisions

Organisations are storing large volumes of information that is subject to both UK and European data protection laws meaning they must pay close attention to how and where that data is stored and processed in the event of its migration to an external cloud service platform.

A business located in the UK for example is subject to the Data Protection Act 1998, which includes an obligation that the customer retains close control over its personal data, even when it is being processed by a third party on its behalf, and retains legal responsibility for that data’s integrity.

Whilst EU law does not prohibit the transfer of personal data outside the European Economic Area (EEA), which includes all the countries in the European Union as well as Iceland, Liechtenstein and Norway, it does insist that there are adequate data protection safeguards in place before that processing takes place, unless the destination country has been pre-approved as having adequate data protection by the European Commission, including measures to ensure it is properly isolated and deleted when appropriate.

Any external cloud service provider trusted to handle company information must therefore be able to demonstrate adherence to any relevant data protection rules and provide visibility into security, storage and data retention processes, potentially allowing information security monitoring and audits and linking external hosted systems to on-premises platforms within broader hybrid cloud service delivery via secure network links such as virtual private networks (VPNs).

Companies should work closely with the provider to establish the exact details of service policies, processes and controls which determine how their personal data will be kept secure and establish safeguards to ensure information is stored in line with applicable laws.

A high percentage of stored data is subject to privacy legislation

A high percentage of stored data is subject to privacy legislation

Download the full Cloud Workload Migration White Paper


About Keith Tilley

As Executive Vice President, Europe and UK&I Managing Director, Keith is responsible for day-to-day profit and loss accounts and all aspects of sales, marketing, delivery and development. Keith’s role includes overseeing over 3,000 customers across Europe and his vision as managing director is to drive the company towards its goal of being the first choice provider of Information Availability solutions. With 30 years of business expertise, Keith keeps SunGard Availability Services’ European operations at the top its field. Keith joined SunGard in November 2001 when it acquired Comdisco. Prior to that, he worked for Failsafe Roc Ltd., Istel and Rover Cars—progressing from the IT department to operations manager then moving into various commercial and product management roles.
Cloud Computing, Cloud Security, Enterprise Cloud, GCloud, Hybrid Cloud, IaaS, Infrastructure as a Service, Uncategorized, , , , , , Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>