Re: Solution
The DPA makes no allowance for encrypted data. If you're storing names, addresses or personally identifiable information, you ARE subject to the DPA and cannot move that data out of a "known" zone. So a datacentre is fine but "the Cloud" - which means your data sits somewhere within a whole region and not in a place you can give an address for - is a breach and can be prosecuted. And will be. The DPA is enforced pretty hard.
Biting the hand that feeds IT
