If personal data is transferred outside certain European countries, the provisions of the eighth Principle come into play. Storing data on a cloud provider’s system abroad counts as a transfer, even if the data is not intended to be used anywhere outside the UK.
As discussed above, it is quite common for a cloud application to be provided by a chain of subcontractors. It is necessary to examine the entire chain in order to assess whether the eighth Principle is engaged.
The eighth Principle aims to achieve an equivalent level of protection for data transferred abroad to that it would receive within the UK.
This level of protection is automatically provided if the jurisdiction to which ...