Skip to content
LegalVision UK

Your Legal Responsibility to Protect Digital Data Stored in the Cloud in England

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

Your business collects and stores vast amounts of information. Many businesses resort to storing digital data in the Cloud to overcome these storage issues. However, if you store information on a cloud-based service, you risk this data by exposing it to cyber-attacks or losing the information. This article will explore the risks associated with storing information in the Cloud and how your business can seek to protect its cloud-based digital information.

What Does it Mean to Use ‘The Cloud’?

Holding data in ‘the cloud’ simply means that you upload information to another location through the internet. Most cloud-based setups see companies upload their data to a server through an online service such as Google Drive.

The two main reasons Cloud computing is so popular are cost and convenience.

Cost Based Benefits

Cloud computing tends to be relatively cheap. Furthermore, your business eliminates the costs of digital storage devices such as large hard drives or servers. This is also beneficial as hard drives and servers have a finite lifespan. Furthermore, storing data on numerous stage devices can be expensive and time-consuming. 

Convenience Benefits

Using cloud-based services is convenient because your laptop, tablet or smartphone can access your company’s information anywhere. Moreover, you no longer need to carry a large hard drive. 

What Are the Risks Involved With Cloud Storage?

Cloud-based services are prone to cyber-attacks. Naturally, if you can access your company’s data remotely, so can hackers and cybercriminals. Accordingly, business owners must weigh up convenience and flexibility against cyber security.

The main risks of storing data on the cloud include:

  • your company relying on the security of a third party, rather than being in control itself;
  • your organisation may find that another company has the right to access or amend your data; and
  • the Cloud may store your business’s information in another country with less stringent data protection rules than in England.  
Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

How Can My Company Mitigate the Risk of Storing Information in the Cloud?

The first step is to pay close attention to any user agreement. This is also known as a Cloud user agreement or digital storage agreement). The wording of this document will outline how the Cloud protects your data. A weak user agreement will not protect your information from access by a third party and will not prevent loss or damage to your data. In contrast, a strong agreement will address these points. Furethmore, it will confirm that your organisation can receive a copy of its data following termination of the cloud storage period, rather than deleting your information at short notice.

Furthermore, you should consider storing a backup of your most essential data on a physical hard drive or server to protect against the cloud-based server becoming unavailable. Most business owners will protect the most critical and crucial data rather than all of it.

Why is This Relevant to Data Protection Law in England?

Protecting information within cloud environments is essential for businesses. The General Data Protection Regulation (GDPR) requires your business to take adequate steps to protect personal data. If you fail to meet these requirements, the Information Commissioner’s Office (ICO) can issue your organisation a fine of up to £17.5m for a breach of the GDPR. This fine applies to sensitive data storage onsite and on a cloud provider. Therefore, your company must assess the security of that data storage method and ensure that adequate safeguards are in place.

Key Takeaways

The Cloud can be a useful method to for businesses to store data as it reduces costs and hardware and allows you to access data remotely. However, the Cloud is susceptible to cyber-attacks and data security breaches, which do not affect traditional hardware storage. Therefore, if you use a cloud-based service, you must ensure you take adequate security measures. The GDPR clarifies that your organisation must do everything to ensure good data privacy. Failure to comply with these requirements may lead to a fine. 

If you need help with data protection requirements and safe storage of company information and personal data on cloud-based servers, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership.  For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

Why does the GDPR cover information stored by someone else on my company’s behalf?

Our data protection laws do not care about who holds the information on behalf of your organisation. Instead, it states that your company should store that information securely and with adequate safeguards against theft or loss.

Are there any ways of limiting the risk of data misuse from the cloud?

Some businesses limit the use of mobile devices to minimise the risk of unauthorised access, whether by staff members or third parties. Additionally, limiting access to the cloud to company-registered computers or laptops is an excellent way to guard against data breaches.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

4 Common Challenges Your Company Will Face With the GDPR in the UK

When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?

Does My Business Need a Cybersecurity Policy?

What Are the Seven Main Principles of the GDPR in England?

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards