As we continue to follow the developments and decisions around Brexit in the U.K., we want to address questions about the flow of personal data between the U.K. and EEA that some U.K.-based users of StorageCraft Cloud Products, including StorageCraft Cloud Services (SCS) and StorageCraft Cloud Backup, may have. Generally, StorageCraft believes that concern about such transfers is largely unwarranted. This is because the data centers used by StorageCraft in delivering these services are located in the EEA. As a result, personal data flows from U.K. data “controllers”—namely, our Cloud Customers—to an EEA-based data “processor”—namely, StorageCraft. There is no question that personal data flowing from the U.K. to the EEA will be able to continue post Brexit.
The U.K. government has explained that, for data headed from the U.K. to the remainder of the EEA, it will be business as usual in the post-Brexit world. This will be true regardless of whether Brexit happens on a “deal” or “no-deal” basis. If a “deal” is reached, a lengthy transition period will occur in which the U.K. will be treated as an EU member state. Data flows would therefore continue as normal. If no deal is reached, the U.K. government has already decided that changes to the personal-data transfer regime will be minimised. Specifically, the General Data Protection Regulation (GDPR) will be saved and converted into U.K. national law. The Data Protection Act 2018 will also be retained.