The US CLOUD Act, Privacy and that pesky GDPR

By now, we are ALL aware of those four little letters – G D P R

You’ve made sure that Consent is the absolute last “port of call” for obtaining and using personal data (the other Lawful Basis of Processing can be seen here )

You’ve audited your data, removed irrelevant or excessive data, created life cycles and retention rules, designed-in the ability to provide a relevant copy, and implemented strong and strict Data Loss Prevention systems (manual and automated).

All is looking good – you’re set; let’s go and make some money (to pay for all this regulatory change) and pay our colleagues.

Source: VPNExpress via

Then along comes the US #CLOUD Act – a nifty bit of legislation that will cut through all that pesky protection and compel US companies to give them, and other Governments, access to your data without your ability to lodge a complaint, and without warning.

If this gets Congressional approval, it makes a mockery of the GDPR and undermines its basic premise of personal privacy.

If you’re in the US – you can make a difference – click here to Stop the CLOUD Act

Elsewhere, chat with your MP (or Parliamentary representative), the local Data Protection Registrar (eg ICO), your central Government Justice agency – heck, anyone who may be able to help understand the interference this causes.

In the UK, how will the CLOUD Act affect #GDPR and what will the effect be of data stored in the UK by US companies like MS Azure, AWS or GCP? Does the upcoming Data Protection Act take it into account?

Read more about it:

About nedwos Marketing

we work closely with our Support and DevOps teams to help get our message out to current and future clients.

Comments are closed.