If my data is stored locally, does it automatically mean that my backup is local and in the UK?

Given businesses’ need to store data safely and make multiple backups, we’re often asked whether we store data locally and whether backups are made in the UK. 

Your Backups Are Best Hosted In A Separate Facility To Mitigate Risk

For backups, we use a separate UK based facility to ensure that if a disaster happens such as the fire at French cloud computing provider OVH, back-ups will not be destroyed at the same time as the original data. However this may not be the case with another cloud provider.

There are many reasons why it is critical to keep backups at secondary and tertiary locations, separate from the main site. 

First, computers can crash – even expensive servers used in data centres – and that can lead to data loss, corruption and access issues. 

Secondly, data server hard drives can fail without warning and in addition to this, recovering data from modern storage devices, such as SSDs, is often substantially more challenging that previous generation HDD technology. 

Viruses can also compromise local data servers. Infections can disable all the computers in a specific location, necessitating off-site backups elsewhere. 

Theft is also a concern in some locations. Thieves may steal physical server hardware and all your data along with it. 

Then, finally, there is the risk of physical damage. Storms, earthquakes, flooding and other localised natural disasters can render cloud servers inoperable. 

In light of this, it makes sense to distribute data among servers far and wide. This can be done automatically, according to a protocol we set for you and in our systems will be at different UK based locations. 

Do You Have To Store Data In UK Data Centres? 

Since leaving the EU, GDPR regulations are being replaced and soon will no longer apply to the UK. Instead, operators must follow Data Protection Act 2018 (DPA 2018) – an act that essentially mirrors GDPR and adds  “meat to the bone” in some places. The legislation applies to controllers and processors located in the United Kingdom (with a few exceptions).

Regulators believe that individuals risk losing protection if they transfer their data abroad. Because of this, businesses face restrictions on the transfer of personal data outside of the UK. In some special circumstances (such as when it is clear that the individual’s rights to protection are maintained in another way), cloud service providers may be able to transfer data out of the country, but this rarely applies. Most data flows of this type fall under the definition of a “restricted transfer.” 

In light of these laws, organisations need to be careful. In some sectors, it is mandatory to host the data in the UK due to data protection regulations. However, some data centre operators have automatic backups outside of the UK, meaning you should always be clear on where your backups are. 

If cloud services store data abroad, they need to follow so-called “adequacy regulations.” These determine whether the location in which you want to store your data offers adequate protection for individuals. They’ll also need to ensure that they put “appropriate safeguards” in place, as referred to in UK GDPR. If they don’t, then any transfers of personal data out of the UK could be illegal.