16 November 2015
How do we protect our data when it is being transferred across the world? Who is responsible for protecting it?
Whilst data protection has always been essential in business, now these questions are becoming increasingly difficult to answer, since the European Court of Justice ruled that Safe Harbour was invalid last month. Of course, as a business owner in the centre of the data protection conversation, I’ve been closely monitoring this situation with my team.
Whilst Safe Harbour has been criticised for some time, its removal does leave the regulation of data transfer in stormy waters.
Invariably, for you and your business, this means that you need to give assurances that none of your customers’ data is being transferred outside of the EEA. If you can’t guarantee that you need to ensure that every organisation holding your data in remote locations is subject to EEA-equivalent security standards.
Now is the time to start asking the right questions.
Is your hosting provider doing enough to protect you? Do you know where your business’s data is being stored? Can you guarantee data sovereignty?
Fifteen years ago, in the very early days of UKFast, we were encouraging people to see the benefit of an online business presence; now that that is a given, it is essential that we are encouraging people to be safe online and protect their businesses’ most valuable asset – data.
It is not an easy task and the hackers of today are incredibly skilled. But there are encouraging signs of change. Amongst other things, a brand new data protection bill is being drafted for the EU and is expected to come into force in early 2017, and high-profile attacks, like the Talk Talk saga, are opening business owners’ eyes to the essential nature of data protection.
We’ve also seen multiple international cloud providers announce that they are now building UK-based data centres and offering a guarantee that your data will stay in the UK. On the one hand, this is a fantastic move for the UK cloud market – it’s growing and multinational firms are recognising the need for a British base. On the other hand, however, the question remains, around whether the US government could demand access to the data that American providers store on UK shores. In my opinion, it’s still a big risk.
Ultimately it is down to us as business leaders to ensure that we are doing all we can to be data savvy. You never know what is over the next hill so now is the time to ask those questions and take steps to be secure.
My team and I are here if you need any advice. I would love to know what you think about Safe Harbour and data protection in the news.