Before the world changed due to COVID-19, the GDPR (General Data Protection Regulation) came into force back in 2018. This impacted businesses across all industries and imposed strict regulation on the storage and transfer of personal data, with heavy fines as punishment for non-compliance.
Many cloud services, from those offered by Microsoft and Google to much smaller, niche services, are hosted outside of the EU – notably in the US – where the GDPR is not enshrined in law. Until yesterday, the so-called “EU-US Privacy Shield” was a mechanism by which businesses within the EU and US could exchange data with each other under the auspices of being compliant with the GDPR.
No longer. Yesterday (16th June), the Court of Justice of the European Union ruled that any cloud services hosted in the US are incapable of complying with the GDPR and EU privacy rules. The Privacy Shield framework, therefore, lies in tatters and companies will likely need to sign up to non-negotiable contracts drawn up by Europe, already in use in other countries besides the US, to avoid heavy fines. Many larger providers already use these “Standard Contractual Clauses”. Microsoft are an example, and they’ve released a statement to this effect noting that use of their services fully complies with EU law irrespective of yesterday’s ruling.
O’Brien Media are very “data conscious” and ensure that the services we use are fully compliant. Our preferred platform for website data analytics, for example, is Matomo. We host this ourselves as an offering to our customers, and it’s physically hosted in London.
If you’re an O’Brien Media customer, we’d be happy to check your website for software and plugins that may be a problem and offer advice – just give us a call.
It is perhaps worthy of note that “Brexit” will make no difference to the UK’s adoption of the GDPR – it’s still in effect until the end of the transition period (December 2020), and will be retained in UK law at the end of this period.