10 August 2018
Cloud solutions tend not store data for small companies on its servers. Instead, the data is stored in data centres in the US (such as in the case of Dropbox). Similarly, OneDrive enables some users to locate their data within the EU but general users do not have that option.
This makes it tough for organisations to comply with GDPR requirements, particularly where there is a cross-border transfer of data. Some of the larger software providers, including Microsoft Azure, Google and AWS have implementing 'GDPR-ready' platforms. Microsoft also offers a compliance portal, while its OneDrive - as part of Office 365 – means the location of the data is tied to the Office 365 billing address. Sharefile by Citrix is another which enables storage within the EU jurisdiction.
Away from these platforms, it is of course possible to encrypt the data before it is stored in the Cloud. That way, it matters less the location of the server, as the Cloud service provider, such as Dropbox, will have no access to the data. Encryption and holding keys before the data leaves the organisation is perhaps the most sensible way to overcome such an issue, while pseudonymising data in cloud SaaS applications should also be considered.
To find how our friendly and knowledgeable solicitors can help you, contact us today.
Make a free enquiry - Call now - 0151 659 1070
