Skip to content
LegalVision UK

What Risks Does My Company in England Face When Storing Data in the Cloud? 

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

 

You must securely handle and store your company’s sensitive data as a business owner. Doing so is an essential requirement of the General Data Protection Regulation (GDPR). This article will explore the main risks of storing data in the cloud so your company can mitigate these and increase its chances of GDPR compliance

Storing Information in ‘The Cloud’

The ‘cloud’ is an IT term for online storage on a server off-site. So, rather than storing your information on a hard drive or storage device, your business can use a ‘cloud’ service that sends your data to a remote location elsewhere.

Advantages 

There are three reasons why most businesses favour storing data in the cloud.  

  1. You can access your company’s data anywhere rather than just on your premises. So if, for example, you are travelling to a meeting and want to quickly access a few documents you forgot to bring, you could do so on your phone or tablet.
  2. It tends to cost a lot less to store a sizable amount of data on the cloud than through expensive servers and hard drives at your premises. Also, upgrading and powering servers and hard drives costs more money. 
  3. For data retrieval reasons. If your company chooses only to store information on a hard drive or USB drive (and not to make regular backup copies elsewhere), the loss (or breakdown) of those devices could be devastating.  In contrast, a cloud-based storage system should continue storing your valuable information regardless of hardware failure. 
Front page of publication
UK Startup Manual

LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.

Download Now

Risks 

Despite the advantages of storing data in the cloud, there are also risks. These are as follows.

Cyber Attack

Modern cybercriminals are starting to attack cloud storage services. This is due to the potential information contained within them and because of their digital nature. Online data is easier to steal than information on your premises. This is because the cloud server is always connected online so attempted access can come from anywhere globally. Data stored on a local hard drive or USB would require physical access.

This cyber risk makes choosing a secure and safe cloud storage service with a good reputation essential for your company.  A few extra pounds for a more secure service is likely worth the outcome.  

You may also consider using an encryption key on sensitive information, which makes the data unreadable if you do not have access to the encryption key. Another way to protect against security threats is to use strong passwords for cloud accounts.

Sight of Your Data

Some business owners find it slightly counterintuitive to hand over their valuable and hard-won data to another company. However, it is possible the organisation could read the information or use it for its purpose. To mitigate this risk read the Cloud User Agreement (a User Agreement or Digital Storage Agreement) carefully. This document should detail the circumstances in which the cloud service provider can access or move your data.

Potential GDPR Non-Compliance

Some business owners erroneously believe that using a cloud storage platform passes the buck for GDPR compliance to another organisation. However, this is only partly true. The GDPR requires businesses in England to assess the security of cloud storage providers and ensure adequate safeguards are in place.

This means that your company is responsible for doing everything possible to verify that the cloud service provider is:

  • safe;
  • trustworthy; and 
  • takes appropriate steps to protect your data, which is likely to include personal data belonging to individuals.

Your business can assess cloud security by researching the security measures put in place by cloud companies and picking one of the most secure. Another method of determining the safety of cloud computing with certain providers is to conduct an internet search for any past cyber attacks or data loss.

The ICO can provide your business with a fine of up to £17.5m for a breach of the GDPR. Therefore, picking an illegitimate or unsafe cloud service partner could result in a hefty fine for your organisation.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Key Takeaways

Storing data on cloud storage has benefits and risks. The risks include the risk of a cyber attack or sight of your data. You should mitigate the risks if your business uses the cloud for personal data. For example, you could research the security measures used by cloud storage companies and consider using an encryption key on sensitive information. Your company must protect personal data to avoid a heavy fine from the ICO.

If you need help ensuring good cloud storage practices, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page

Frequently Asked Questions

How can my company assess the security of cloud providers?

Your business can assess cloud security by looking at its security measures and conducting an internet search for any past cyber attacks or data loss.

What else can my business do to protect against data theft from the cloud?

You can use encryption keys on sensitive information and strong passwords for cloud accounts.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

4 Common Challenges Your Company Will Face With the GDPR in the UK

Five GDPR-Related Cybersecurity Mistakes Business Owners Make in the UK

Five Steps to Ensure My Business is GDPR Compliant?

Four Ways a Lawyer Can Help Your Business in England Comply With the GDPR 

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards