Once data is off-site, an organisation may lose visibility and control but will still be responsible when it comes to regulatory compliance. In the cloud, logging and data for lots of clients can be hosted in the same place, unsegregated, or spread across a range of datacentres. The customer may not even know what country it’s stored in.
This will be no excuse for not meeting UK or European data protection requirements. Investigating potential breaches of law or regulation – such as rules on financial transations - could be difficult. In some industries, and for some processes audit trails are essential – this could help to dictate what you do and don’t put in the cloud.