Premier Member Profile

techclean Sussex

Contact: Mark Austen
Address: 54, The Piazza, Eastbourne, East Sussex, BN23 5TQ
T: 01323 406333 | M: 07849 549722

techclean Sussex provides deep clean, hygiene & sanitising services to workplace IT equipment and server rooms.

Listed in: Cleaning Services

No More Safe Harbor agreement - and EU Businesses have to adapt.

Earlier this month, the European Union’s highest court struck down the 15-year-old “Safe Harbor” agreement. Its downfall, with immediate effect, has opened a new era in the digital world. Not only the major tech companies, but each and every small and large business in the EU has to adapt – right now. To understand the decision and cope with the fallout, read on.

The European Highest Court prohibits transferring EU citizens’ personal data to countries outside the EU. The Safe Harbor framework was an exception: it allowed EU companies to transfer and store EU citizens’ personal data with US companies that self-regulated and agreed to meet the Safe Harbor principles.

What is the implication of the decision?
Private individuals are free to decide to store their data with US-based companies, at their own risk. But companies cannot transfer EU customers’ personal data to the US without the customers’ consent.

A customer name, email or home address, an employee’s HR data, health information, or any documents containing such data fall under this regulation.

As a result of the new rules, the 4,400 services that transferred data under the ‘safe harbor’ agreement should be avoided if you want to store, process or share personal data about your customers, employees or business partners.

This applies to all EU-based companies, so for example:
• a German hospital cannot use a US web-based service to process patients’ data
• a UK firm cannot store HR data about employees in Box or Google Drive
• Facebook Ireland cannot share consumer data with US-based Facebook Inc.
• a multinational’s German subsidiary cannot share its German customers’ or employees’ personal data with its US branch.

To minimize risks, EU businesses’ best choice is to use EU-based services, where the customer data is never processed in the US. How do you know which services are which? To see the full list of companies which used to rely on Safe Harbor, see https://safeharbor.export.gov/list.aspx

Dropbox users continue to unwittingly leak tax returns and other private data

“If you use the free version of Dropbox, you should not use the Share Link facility as it could be leaked to a third party.”  See https://grahamcluley.com/2015/04/dropbox-leak-tax-return/ for more information.

Advice for those thinking about Cloud Computing

You might already be using the Cloud for document sharing or maybe you are a little hesitant, due to press reports and scares over security.

It’s likely your employees, without your knowledge, are already accessing Cloud applications like Google Drive, Dropbox etc. from their office desk.

Know the Current Status within your organisation

If you are unaware of what your employees are using, you don't know where your information is or who is accessing it. This represents a huge risk for organisations. Not simply a risk of information escaping, but also the damage to your company’s reputation.

What can you do?

As a bare minimum, consider this checklist:-

Understand the tools your staff currently employ – establish what's being utilised, make sure it's being used legitimately and assess what sort of controls you need to put in place.

Do your homework. Pick a Cloud provider with excellent security and these features:-

• Look for “client-side encryption” as a minimum, so that others cannot access, steal or forward your data from the Cloud.
• Check the small print. You don’t want to grant “a worldwide license to use, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content” (which is what one popular provider's Terms & Conditions ask for!).
• If an employee leaves, you should be able to deny them access immediately with one or two mouse clicks.
• Given the nature of US surveillance laws, your data should be stored on UK or EU servers only.
• Audit/Governance – for each document, you should be able to see who changed what and when, and be able to segregate readers from editors/authors.
• Responsive, effective support. When things go wrong, you want help there and then, not a week later.

Anything less than this is like putting your valuables in a safe – then leaving the door open – or giving a set of keys to someone else. Make sure your head isn’t in the clouds or buried in the sand!