As cloud computing becomes more popular and experiences widespread adoption, the cost of using a cloud provider, as opposed to maintaining your own data servers, could give your business a competitive advantage.  But when your business stores personal data on someone else’s servers a degree of control over this sensitive data is lost.  Beware, data privacy laws do not permit the cloud user to shift the risk of violation solely to the cloud provider.  Staying compliant with data protection laws around the world will require you to ensure that any cloud provider also abides by the same regulatory and legal requirements.  Transfer of personal data outside of, the EU, for example must comply with EU data protection law and any other local data protection laws.

Although Cloud providers may not provide an easy path to negotiate changes to their standard terms and conditions, your business may nevertheless be responsible for violations of the law.  Examining the cloud provider’s privacy policy, security, redundancy practices and disclosure policy will allow you to make an informed decision.  Push for changes to terms and conditions that would impose risk of noncompliance with data protection laws.

Know where your cloud provider is located, the legal environment with regard to data protection varies significantly from country to country.  Data protection laws in Asia, have not caught up with other regions in introducing laws regulating data sovereignty, cross border data flow and data security.  Yet the cost of a cloud provider located in China, for example, could be much lower than one located in the EU.  The cost, however, of a violation of data protection laws could bring the overall costs much higher than using that budget cloud provider located in a country that does not sufficiently protect the personal data collected by your business.