I guess I don’t need to tell most of you that the internet is a global phenomenon. Anyone who has used a web browser will more likely than not have visited a website that is hosted in a different country, possibly without even realising it.
And for most people using the web, that’s probably just fine.
But for businesses it is a different matter and there is a lot more to take into consideration when deciding where to host a website or which services to use.
There is a financial aspect to consider if you host your site in a country that uses a different currency. In a worst case scenario, your hosting could because much more expensive just due to a bad exchange rate.
Then there is the issue of taxing the income that you create with your website. What happens when the host country decides they want their cut of the profit, in addition to the country where your business is based? Even worse, your local tax office could decide that your website is creating overseas income and tax you at a higher rate.
Another consideration is what happens when you have a problem with your hosting service, but are unable to contact them or get the issue resolved. Taking them to court may not be an easy option, although if you need access to your data quickly then you may have to.
And speaking of data, what happens to all of your customers’ data if a local law enforcement agency decides to access it, possibly quite legally?
Of course, what applies for web hosting applies to services that you may use as well. So if your helpdesk system is being run by a company in a different country, or if you back up your customer database to cloud storage overseas then you are – like it or not – exporting someone’s personal data.
Luckily there are rules governing data transfers within the European Union, so having your server or service provider in a different EU country is not so much of a hassle as it could be.
But when the data leaves the EU borders, you need to have informed your clients that it is doing just that. You also need to make sure that the data is still protected in a similar way to how it would be within the EU.
This is where something called the “Safe Harbor Agreement” comes in. Put simply, it is an agreement between the E.U. and the U.S.A., and companies in the U.S. can sign up to it and be certified that they are storing personal data there according to E.U. standard.
Of course, you should still be telling people in your privacy policy that you are using companies that are part of the agreement, but it at least it doesn’t seem as bad as asking them for permission to export their data to someone perceived to be unsafe.
I’ll explain more about the Safe Harbor principles another time, but for now here are some of the services that I have been able to confirm are certified (as of May 2012):
- Zendesk – our helpdesk system
- Mailchimp – a mailing list provider
- SugarSync – a cloud storage system for backups and file synchronisation
- Microsoft Office 365 – the cloud version of Office
- Amazon.com – useful if you use S3 storage, although you can set your bucket to “Ireland” anyway
- Disqus – a comment system
- Clickbank – a merchant system
- Dropbox – a cloud storage system
- AWeber – a mailing list provider
I’m please to say that Dropbox and AWeber are recent additions to the list, as their certifications are only a few months old. By contrast, e-junkie still does not appear to be certified, at least according to their own website.
So maybe it’s worth taking a moment to think about where exactly you are hosting your website and storing data about your employees or clients, and make sure that you are not “exporting” it or leaving yourself open to tax problems when your business grows.
Can you think of any other issues that EU-based businesses have when they use US-based services? Leave a comment below and let me know.
About Graham
Speak Your Mind