We have all heard about the Cloud, and all use it, but have little idea about it or even if we actually use it – but now we need to check a few things after an important court decision in July 2020 about how personal data can legally move backwards and forwards to USA Clouds.
A Cloud is a massive warehouse or warehouses of computers which hold websites, data, software and entire businesses that connect to our PCs through the internet. Your own personal data will be in one or more Clouds around the World.
Due to the fact our law takes data privacy and protection seriously, that means other countries don’t, so our law says no personal data can go to any country with weaker laws than ours unless certain criteria are met. The USA is considered a weaker country, and one of the mechanisms that allow our personal data to go there, called the Privacy Shield, was struck down by the courts in July.
That means any business that was using the Privacy Shield as the way to legally move personal data to Clouds in the USA no longer can – and that means no data can move backwards and forwards, which means your data could be stuck in the USA or worse, that the software you use to process personal data has to be turned off. A lot of the services we use engage with USA based Clouds, such as Microsoft 365, Adobe, Slack, and hundreds of others.
The simple fact is that our law requires that we know where personal data is held, know if it is moved out of our country and which legal mechanism is in place, and then we have to reflect this in our Privacy Notices and get customer consent (or we cannot do it anyway).
Luckily, the providers of the services we use also need to know which Clouds they are using to hold our personal data or the software we use, so they can tell you, and tell you which legal mechanism they have put in place to permit it. Just hope it isn’t Privacy Shield.
Now is the time to ask these questions, because it is not just for USA Clouds that this has implications.
More technical blogs will follow for those who really want to know more.
For more information and support please contact our GDPR Specialist:
T: 0151 305 9650 | M: 07786 394 679