1. “The 8th principle under the UK Data Protection Act says that data must be kept in the UK, therefore it is unlawful for me to use cloud services as my data might be transferred outside the UK.”
Not true. People have said this to me from time to time including just the other day at a cloud conference. The 8th principle allows transfers of data provided there is an adequate level of protection. You can transfer data anywhere inside the EEA (essentially the EU plus 3 good friends), to a country on the EU Commission’s list of safe countries including Safe Harbor or beyond if you add data protection clauses to the contract.
2. “I have to set up my EMEA operation from a German data centre otherwise I won’t get any German customers as they tell me their law prohibits data transfers outside Germany.”
Not true. A confused US provider recently asked me to verify whether what his German distributor had told him was true. As far as I’ve been able to ascertain (I’m no expert on German law), the Bundesdatenschutzgesetz does not say this any more than the UK Data Protection Act. It allows for the free flow of data within the EEA, just as the EU Directive requires.
3. “The EU Commission will abandon Safe Harbor so it is not possible to use US cloud.”
Not true. The EU Commission was so incensed at the scope of NSA spying that it threatened to abandon Safe Harbor. But that was more about getting the US to pay attention and has resulted in a commitment to improve Safe Harbor by this summer (see para 14).
4. “The EU Data Protection Regulation is designed to promote EU cloud and to block US cloud.”
Not true. While there is an EU initiative to promote a European cloud, this is separate to the Regulation which is intended to allow free flow of data in the cloud and across the globe provided EU data protection standards are maintained wherever it involves personal data of EU citizens. That’s if the regulation will ever be passed…
So, how did you do? Maybe you thought the whole thing was an April Fool’s joke? Many people misunderstand data protection but hopefully you spotted the untruths. For more info about keeping your data secure in the cloud, contact me.
Image courtesy of sheelamohan “Global Computer Network” / FreeDigitalPhotos.net”