If I back up in the cloud, is there a data protection risk I should be aware of?

Depending on where the servers are located and the nature of the material you are backing up you could potentially be sending personal data outside of the EEA and you would need to comply with the eighth data protection principle, but other principles of the Act will also usually be relevant to sending personal data overseas. For example, the first principle (relating to fair and lawful processing) will in most cases require you to inform individuals about disclosures of their personal data to third parties overseas. The seventh principle (concerning information security) will also be relevant to how the information is sent and the necessity to have contracts in place when using sub-contractors abroad.

This entry was posted in Information Risks, What we are being asked about. Bookmark the permalink.