Small Business – Data Security – Your Website And The European Union.


This is probably going to get a lot worse before it gets better.

Before you think I am off at some weird tangent and a rant about the European Union, I’m not.

However here are some important points that  I have raised before and will no doubt have to raise them then again.

If your business uses any form Cloud Based based web hosting (it’s nearly all cloud based) and you hold or store customer data on it, or use it to manipulate data then you are likely to be affected by this.

This is important and is something I have raised before. My fields of expertise is working with ‘small business  in the UK, importantly I have extensive experience with Financial Services, Accountancy and Legal firms who have to comply with the various data protection regulations; but this issue applies to just about all firms who store client data on their websites.

The EU has a term for this data  – personally identifiable information (PII) and if you store or collect this data a storm is coming, and has been building for a long time.

The problems stem from the EU’s opinion, some anti American sentiment along with  concerns about data being used for the wrong purposes or being accessed by others – Snowden revelations have not helped this.

From Wordfence – an online security specialist.

European law does not allow exporting of user PII unless companies can demonstrate they will protect a European user’s privacy and data. About 15 years ago the USA and Europe came up with the US-EU Safe Harbor agreement which has allowed US companies to store European data legally. This agreement was invalidated by the European courts last week.

Basically this is a storm that will be coming your way sooner than you think, in particular If you are using website hosting or storing client data on webservers outside of the EU like many UK firms.

Interestingly there has been some questions raised about the use of Dropbox, email servers and a range of other services that could make use of external storage  – like data backup for example.

It’s not clear where this is going to go, but you need to make some checks to see if your service provider is going to comply with the changing regulations, or make sure you put in place plan to move data to a provider based in the EU, before the fines start.

In all fairness this is not a new issue, if you have been using overseas email providers or the large automated email services provided by U.S based firms, then data protection implications have been around for a while. Problem is now the European Courts are getting increasingly grumpy and it’s more likely than not that your business will be affected by this. That said don’t say I didn’t warn you, and don’t bother contacting me with your anti EU rants, I am not interested.

If you want to talk about solving the problem then I look forward to helping you you can contact me here 


Image used under Creative Commons.

Scroll to Top