Features Pricing Learning keyboard_arrow_down How It Works Video GDPR Blog Case Studies Managed Campaigns For Small Business Open Free Account Free Marketing Plan Resourceskeyboard_arrow_down Why It Works Open Account Building Lists What Are Bounces? Why UK Based? Email marketing mistakes Email best practices Free email marketing templates Google analytics Email browser compatibility Domain verification Company keyboard_arrow_down Contact About Us Meet The Team UK Based Reviews Email Marketing Open Your Free Account

The Safe Harbour Agreement Breakdown.
Why you need to use a UK service provider.

play video
watch video

Important update if you are using a US service provider.

The EU has ruled in October 2015 that the US ‘Safe Harbour Agreement' (regarding transfer of electronic personal data such as email address) is invalid and no longer recognised.

safe harbour collapse
IMPORTANT NOTE: email blaster is entirely UK based, if you are an email blaster client, then the collapse of the US agreement does not affect you.

Using US based service providers and your Data

If you are currently using email marketing as a part of your marketing strategy. The chances are that you have a database on the cloud of your subscriber’s email addresses and possibly other associated information such as their name, company and contact details.


All UK and EU based companies are obliged to meet certain standards in terms of how this data is collected, stored, transferred and used. These standards are outlined by The Data Protection Act 1998 and The EU’s Data Protection Directive.

So, how does this relate to US based service providers dealing with UK clients?

The EU’s has stated the following guidance:


"The Data Protection Directive1 provides that the transfer of personal data to a third country may, in principle, take place only if that third country ensures an adequate level of protection of the data. The directive also provides that the Commission may find that a third country ensures an adequate level of protection by reason of its domestic law or its international commitments. Finally, the directive provides that each Member State is to designate one or more public authorities responsible for monitoring the application within its territory of the national provisions adopted on the basis of the directive (‘national supervisory authorities’). "


Court of Justice of The European Union

Press Release No.117/15 Oct 15


In the US, “The Safe Harbour Agreement” was created - to ensure that these standards are met. The Safe Harbour is the name of an agreement between the United States Department of Commerce and the European Union that regulated the way that US companies could store and process the personal data of European citizens.


What exactly are these standards that the EU regulates?:
  • Consent: Your subscribers must have agreed for you to store their private data such as their email address
  • Use: Your subscribers must agree as to how you will use their data, i.e for the purposes of sending your email newsletter
  • Review: Your data will be regularly reviewed and any information no longer required will be deleted.
  • Disposal of records: When deleting records, regarding electronic storage all discs and storage devices must be completely wiped and verified
  • Accuracy: All data must be kept up to date and any changes must be promptly executed
  • Security: Electronic data must be stored on servers meeting approved standards of security protocol
  • Transfer: If you are transferring data outside of the UK then you must obtain the consent of everybody included in your database of contacts
    • Third party processors: If you are using a third party to broadcast your mailings then you must have a written contract in place confirming their compliance with the Data Protection Act 1998

So what’s wrong with using a US based service provider to store my data?

It used to be the case that these standards were covered by The Safe Harbour Agreement, when dealing with US based companies who stored your data. For quite a while the EU have voiced concerns that US based companies were not adhering to UK and EU law.


In October the EU declared the framework of The Safe Harbour Agreement invalid and no longer recognised it as US companies were not abiding by it.


Read the full Court of Justice of The European Union Press Release

Can I still use US companies for my email marketing?

Now that the EU have declared the Safe Harbour Agreement invalid, US companies wishing to deal with EU/UK based companies can no longer rely on “self certification’ (confirming that they comply with The Safe Harbour Agreement). They must now create “Model Contract Clauses” - every US based company wishing to continue storing EU/UK data must create their own agreement with the EU


The big boys such as Google, Facebook, Apple & Microsoft are already doing this, but these bespoke agreements may not be a viable route for US companies that don’t have the resources to get involved with protracted negotiations with the EU law makers.

So what should I do?

The first thing to do is to check that your current supplier are storing your data in the UK, your UK based supplier may be using US based servers without you knowing. If your data lives outside of the UK then it’s time to consider a move.

What questions should I ask my current supplier or a potential new supplier of email marketing services?

  • Can you tell me where your servers are located that will be storing my data?
  • Is any part of your network based outside of the UK?
  • Is your software your own, or are are you a licensed re-seller of a US platform?
  • If your servers are based outside of the UK, have the company that owns the servers created a ‘Model Contract Clause’ that is recognised by the EU?

There will be a new agreement reached soon between the EU and the US surely?

Currently, the US are unwilling to agree to anything imposes any restrictions their governments access to EU citizen’s data, stored by American companies. The US has also refused to allow EU citizens permission to sue US based companies that misuse their data.


These negotiations have already been going on for 2 years. Last year Edward Snowden had revealed how the US government had accessed EU data. The NSA had routinely accessed US servers containing EU citizen’s data.

OK, so why should I consider using email blaster?

Relating to everything we’ve outlined above, here at email blaster we are proud to be 100% located here in the UK.

Every inch of our infrastructure is located within a 20 mile radius of our HQ in Silverstone Northants:
  • Servers
  • IP addresses
  • Support staff
  • Sales team
  • Software
  • Design & development centre

We don’t outsource anything, we are an entirely UK based email marketing service provider. Everything we do we are passionate about and we really don’t like sharing our toys with the other kids. To design and create the best software and support out there, we simply didn’t want to involve anyone else.

When you talk to us, you’ll be talking to people that designed and created email blaster. We think that makes us different.

Give us a call
Let's go
Where? Unit 10A
Burcote Wood Business Park
NN12 8TA
Email Blaster is a trading name of JC Peters Ltd registered in England & Wales no. 07168254
UK based servers.