Data Sovereignty refers to the concept that digital data must comply with the data legislation of the country in which the data is stored. This becomes important when considering migration to the cloud as there is not a universal data regulation applicable to all countries and therefore regulation can vary significantly between countries.
The cloud offers a variety of benefits for firms in terms of cost savings and efficiency gains and it is therefore unsurprising that the number of businesses migrating to the cloud is increasing year on year. Despite the surge in migration it is important to consider the implications of data sovereignty when deciding which cloud service provider to use.
A recent study, the UK Cloud Snapshot Survey 2017, conducted by Serviceteam IT, aimed to determine whether UK businesses had considered the impact of Brexit on data sovereignty and whether this would lead to the relocation of cloud services back to the UK. The response to this question showed that 63% of businesses that participated in the research felt that there would be a data sovereignty issue as a result of Brexit. This highlights that there is still a significant proportion of businesses that are unaware of the consequences Brexit could have on data sovereignty.
When interviewed as part of this project, Head of ICT Ben Griffiths from Analysys Mason said:
“anything to do with Brexit is uncertain”.
It is this uncertainty surrounding Brexit that may therefore be the underlying reason for the large proportion of businesses that did not think there would be a subsequent impact on data sovereignty.
Data sovereignty can have a massive impact on businesses, but there is still great uncertainty surrounding the subject. The following list therefore highlights 7 key things businesses need to know about data sovereignty:
1. Data legislation varies between countries
One of the most important things to understand is that there is no blanket legislation that applies to data across all countries. Data protection laws can vary quite substantially between countries. For example, in Russia and Germany the data protection laws are far stricter and require that data concerning the citizens of these countries remains within their physical borders. It is therefore important to fully investigate the data privacy laws that apply to the data that you hold.
2. Data sovereignty is not the same as data safety
Although similar, these two concepts are often confused as referring to the same thing. There is, however, a difference between the two terms. Data safety is often a priority within firms in order to safeguard the personal information of customers and employees. Data sovereignty, on the other hand, is regulated at the government level and is a set of laws cloud providers have to abide by.
3. Data sovereignty cannot be guaranteed by solutions providers
Service providers cannot actually guarantee that data will comply with data legislation. This means that organisations need to ensure that they understand the risks of storing their data in the cloud and understand their service provider's position regarding data sovereignty.
4. Location of cloud service providers
When deciding which cloud service provider to use, the location of its data centers may be an important thing to consider. There is a strong possibility that you can choose a cloud service provider whose data centers are in a location that ensures compliance with the data protection legislation that applies to that specific data. The location of your cloud service provider should therefore be one of the first considerations when deciding whether or not to migrate to the cloud.
5. Ensuring you remain compliant
It is important to have an understanding of the laws not only in the country in which you are based but also in all countries in which your business operates. This helps to ensure that your business remains compliant with all legislation surrounding the data you hold.
6. Is your data compliant with the country it resides in
Is the data you hold compliant with the laws of the jurisdiction in which you store it? More often than not, this aspect is completely ignored, especially when the data storage is provided by a solutions or cloud provider. For example, there have been a number of Government initiatives to restrict the encryption of data, such as India’s abandoned Plain Text storage law. In France until 1996 you could go to jail for encrypting a file without prior permission.
7. Understating the importance of data sovereignty
You may not feel that data sovereignty is a big issue, but that is not the case. Non-compliance with data legislation comes with significant consequences. For example, within the EU, a company found not to be compliant with the requirements of GDPR can face heavy fines of up to €20 million.
Despite the demands of data sovereignty, this is not a reason to prevent migration to the cloud.