Data sovereignty and compliance – where is my business’ data stored?

In this post, we’ll explore the idea of data sovereignty and take a look at how it could affect your business’ cloud computing strategy.

Published on: 24 November 2016

Cloud computing is undoubtedly gaining ground amongst the small business population, bringing with it huge potential benefits in terms of direct savings, efficiency and growth enablement. Yet there remain some significant concerns, primarily around data security, and businesses are right to be wary of the risks. 

What is data sovereignty?

Data sovereignty refers to the concept that digital data is subject to the laws and legal jurisdiction of the country in which it is stored. This means that if a business stores data on servers overseas, or uses data centre services owned by a foreign company, that data could be accessed without permission or notification if local law permits. The Patriot Act, for example, allows the US government to access and examine any data stored within its borders or by US companies abroad.

Why is it such a hot topic?

In recent months, a number of countries have introduced new privacy controls to address data sovereignty issues. Recent Russian legislation states that the personal data of Russian citizens must be stored in Russia; and similar laws have been passed in Canada and Germany.

Other countries are likely to follow suit, adding a layer of complexity to the hitherto standardised cloud computing model. Cloud providers will need to keep up with the various changes in privacy controls and, where necessary, ensure their services comply.

Is compliance essential?

Every business’ data is different, and not every business will be directly impacted by data sovereignty issues. Some non-personal, non-confidential data can still be stored anywhere; however if you store your staff or customers’ personal data, operate overseas or plan to expand internationally, there may be some work to do to understand how data sovereignty affects you.

What should I be doing about it?

The first step is to monitor the appropriate data sovereignty legislation for the countries in which you currently do business, or plan to, in order to minimise any risk of non-compliance.

If you use a third party cloud computing vendor, read your contract carefully to understand where your data is physically stored. Select providers that are in a position to manage your data sovereignty as appropriate to your business (by country if necessary); their services should be designed to cope with international privacy laws. Make sure that each country’s data is housed where it should be (e.g. data pertaining to Russian citizens in Russia) and don’t forget to check whether it is replicated or backed up to other servers in different locations.

Cloud services

Cloud services are beginning to adapt to the changing landscape. Some providers are choosing to differentiate vertically, specialising in sectors such as healthcare or finance in order to offer specific expertise and compliance mechanisms. Others are starting to explore the concept of a ‘national cloud’, whereby data is held within a country by local providers and subject to the laws of that country.  

At Telappliant, our experience of providing global internet telephony solutions means we are uniquely positioned to help companies get the most from cloud computing. If you’re considering moving some or all of your IT functions to the cloud, talk to us about how to manage data sovereignty issues for your business.

Free cloudStore trial

Sign up for a 60 day free trial of cloudStore, our cloud based business backup solution. We use UK data centres to store our data and we replicate everything to two geographically diverse data centres.

Find out more about Telappliant cloudStore and start backing up your business data today.


Contact us     Start free trial


Related posts:

Newsletter signup

Share this article

Callback request