Data Sovereignty Sins

Data Sovereignty refers to the concept that digital data must comply with the data legislation of the country in which the data is stored. This becomes important when considering migration to the cloud as there is not a universal data regulation applicable to all countries and therefore regulation can vary significantly between countries.

The cloud offers a variety of benefits for firms in terms of cost savings and efficiency gains and it is therefore unsurprising that the number of businesses migrating to the cloud is increasing year on year. Despite the surge in migration it is important to consider the implications of data sovereignty when deciding which cloud service provider to use.

A recent study, the UK Cloud Snapshot Survey 2017, conducted by Serviceteam IT aimed to determine whether UK businesses had considered the impact of Brexit on data sovereignty and whether this would lead to the relocation of cloud services back to the UK? The response to this question showed that 63% of businesses that participated in the research felt that there would be a data sovereignty issue as a result of Brexit. This highlights that there is still a significant proportion of businesses that are unaware of the consequences Brexit could have on data sovereignty.

When interviewed as part of this project, Head of ICT Ben Griffiths from Analysis Mason said:

“anything to do with Brexit is uncertain”.

It is this uncertainty surrounding Brexit that may therefore be the underlying reason for the large proportion of businesses that did not think there would be a subsequent impact on data sovereignty.

Data sovereignty is something that can have a massive impact on businesses but there is still great uncertainty surrounding this subject. The following therefor highlights 7 key things businesses need to know about data sovereignty:

1. Data legislation varies between countries

One of the most important things to understand is that there is no blanket legislation that applies to data across all countries. The data protection laws between countries can vary quite substantially. For example, in Russia and Germany the data protection laws are far stricter and require that data concerning the citizens of this country remains within the physical borders of the country. It is therefore important to fully investigate the data privacy laws that apply to the data that you hold.

2. Data sovereignty is not the same as data safety

Although similar, these two concepts are often confused as referring to the same thing. There is however a difference between these two terms. Data safety is often a priority within firms in order to safeguard the personal information of customers and employees. Data sovereignty on the other hand is regulated on the government level and is a set of laws cloud providers have to abide by.

3. Data sovereignty cannot be guaranteed by solutions providers

Service providers cannot actually guarantee that data will comply with data legislation. This means that organisations need to ensure that they understand the risks of storing their data in the cloud and have an understanding of their service providers position regarding data sovereignty.

4. Location of cloud service providers

When deciding which cloud service provider to use the location of their data centers may therefore be an important thing to consider. There is a strong possibility that it is possible to choose a cloud service provider that has its data centers located in a location that ensures compliance with the data protection legislation that applies to that specific data. The location of your cloud service provider should therefore be one of the first considerations when deciding whether or not to migrate to the cloud.

5. Ensuring you remain compliant

It is important to have an understanding of the laws not only in the country in which you are based but also in all countries in which your business operates. This helps to ensure that your business remains compliant with all legislation surrounding the data you hold.

6. Is your data compliant with the country it resides in

Is the data you hold compliant with the laws of the jurisdiction of the country you store it? More often than not, this aspect is completely ignored, especially when the data storage is provided by a solutions or cloud provider. For example, there have been a number of Government initiatives to restrict the encryption of data, such as India’s abandoned Plain Text storage law. In France until 1996 you could go to jail for encrypting a file without prior permission.

7. Understating the importance of data sovereignty

You may not feel that data sovereignty is a big issue but that is not the case. Non-compliance with data legislation comes with significant consequences. For example, within the EU if a company is found to not be compliant with the requirements of GDPR this can bring heavy fines for firms that can be up to €20 million.

Despite the demands of data sovereignty, this is not a reason to prevent migration to the cloud. Read more about data sovereignty.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply