Do you know where your data is?

The BBC recently reported on an Austrian privacy activist, Max Schrems, who asked to see the personal data that Facebook stored about him and was mailed a CD-ROM containing a 1,222-page document of 'stuff' about him (read the full story here). What is interesting about this story is the amount of duplication that takes place and the whereabouts of that duplicated data. Of course, the sheer volume of data that is held, and the level of detail within it, is frankly frightening, but where that data ends up is, for any business, at least as worrying, if not more.

Facebook is primarily used by individuals (1.65 billion according to the BBC, even more if you believe Facebook), but it is also used by businesses. This raises a serious question: if your business uses Facebook, do you know where the data is being held? All of the major Cloud providers duplicate data as a matter of course and distribute it amongst their own data centres. Facebook uses a number of data centres worldwide. Are they all located in regions or countries that have the same data privacy laws as we do?

It isn’t just Facebook either. Amazon are by far the largest Cloud provider in the world with 34 data centres spread all over the world. Microsoft, IBM and Google also have data centres distributed across the world. For businesses, this duplication of data and the distribution of data centres might represent significant risk.

Data is the lifeblood of any modern business. Without it, there is no business. Governments around the world have taken the security and sovereignty of data very seriously indeed. In the European Union there used to be privacy protection for EU data held by US companies in the form of an agreement called ‘Safe Harbour’. That was challenged in the European Courts and deemed not sufficient protection. A new agreement called ‘Privacy Shield’ has recently come into force, but is this enough? It may provide sufficient protection for EU data held on US servers (it is so new that it is difficult to say yet whether it will), but it is exceedingly unlikely to afford protection against this duplication of data.

Part of the problem comes from the fact that these huge US Cloud providers don’t just have their US entities. Most, if not all, have subsidiary companies that are registered locally and are often owned by companies registered in tax havens. If, for example, you upload your business-critical data to a Microsoft Azure virtual server in the UK, there is nothing to stop that data from ending up in an Asian or a South American data centre through their routine duplication of data. Of course, you probably uploaded the data to a server that is owned and managed by Microsoft Ltd, but once they have duplicated the data to another data centre elsewhere, it might reside on a server owned and managed by Microsoft Korea or Microsoft Colombia. Will these countries respect the EU Privacy Shield? Do they have any data protection laws that you can rely on for your UK-created data?

If you think your data is important to your business, be it email, CRM, websites, intellectual property or something else, would you not be happier knowing where that data is? MIGSOLV guarantees that your data will be held in the UK and we guarantee that the only people with unfettered access to it will be you. If you would like to know more about how MIGSOLV will protect your business-critical data, why not contact us? We’ll be happy to talk to you about it.