We recently wrote about the effect of a court decision (Schrems II) which means that any data flowing to a company in the USA under the Privacy Shield could no longer do so.
Believe it or not, this decision impacts on almost every business in the United Kingdom. Even yours.
Why? We all unknowingly use so many services where data flows to the USA because that is where the head office is, or where your UK service provider found the cheapest storage.
Imagine if they turned off the data lines to the US tomorrow, which by rights they must do. Would your business be affected if it can no longer use that software or access the data?
Where is your customer data?
It seems like a simple question because for some it will be in the PC on the corner of the desk, for others on the server in the room at the end of the corridor, but for many it will be in the Cloud. But even with the PC on the corner it is often more complicated than that if the PC accesses Cloud based services.
Many big companies provide their own Cloud to hold software and data, such as Microsoft 365, Adobe, Slack, Gmail, Zoom, DropBox, Mailchimp whilst others rent space in them. Some have Clouds in the EU/UK, so they, and you, are safe from this decision, but many are in the USA even if they are a UK service provider. If your cloud is in the UK/EU you have nothing to worry about. But do you know?
How do you find out?
You have to contact the provider and ask, and they will have to tell you.
If your data is held in the USA then you need to know under what legalising mechanism the data gets there (we will cover this in the next article). If it is, or was, the Privacy Shield then you are in trouble, and you need to discuss with them an immediate solution.
If you need any help having those discussion let us know.
PS If you don’t know where the Cloud is that has your data, it means you still need to execute one of the most basic steps required by GDPR which is to find out where data actually is.
For more information and support please contact our GDPR Specialist:
Ian Sinclair-FordGDPR Specialistian.firstname.lastname@example.orgT: 0151 305 9650 | M: 07786 394 679