So, the deadline of the 31st January 2016 has now passed, and there appears to be no progress on a replacement for safe harbour for EU citizens in the US.
Impact of Safe Harbour to Technology Companies
This has left US companies, (and EU companies using US data centres, Microsoft, Google, Amazon) at a disadvantage as US intelligence agencies can still request access to EU data stored on their servers. Now, some companies are attempting to circumvent this issue by saying that they are self certifying, or using a new explicit model framework agreement with end users. However, any contractual agreement with an end user is still over ruled by the legislation of the territory that the technology company is based in. Thus, the US intelligent agencies can still request and read the EU data stored in the US or in the EU.
Safe Harbour Interim Recommendations for Data Backup
The way around this, is for all companies needing to store EU data in the cloud, for off-site data backup, to do so only within the EU and only with an EU based company. This applies for both US companies and EU companies.
Safe Harbour Compliance
For example, we are an Irish company with a branch office in the UK. We no longer have any servers within the US, and in October 2015 removed our server cluster from within the US. This no longer leaves us exposed to this issue as we are not subject to US law, however, we can still assist US based technology companies with data storage as we are fully located in the EU, registered as a data processor, and not subject to US laws as our parent company is Irish, not American.
If you require us to help you with your data hosting, data storage, and safe harbour data compliance, please feel free to call us, we will be more than happy to help.
RKive IT is a trading name of Mark Andrew Smith Limited.
Mark Andrew Smith Limited
22 Northumberland Road
Republic of Ireland
+353 1 254 2801