In keeping with the increasing importance of data in the global economy, governments have become more given to putting restrictions on the flow of data across their borders. According to a new report from the Information Technology and Innovation Foundation, there’s has been a marked increase in the number of countries putting up regulatory barriers to keep data from moving freely, from 35 in 2017 to 62 today. As a corollary development, there’s a push for companies to host information on home soil to ensure data privacy, national security and the protection of local industries. Although laws like the EU’s General Data Protection Regulation don’t necessarily require that data be stored locally, an increasing number of governments are doing so. But there’s a catch: data held tight within borders may be easier for governments to monitor and regulate, but it also means that some businesses will miss out on great opportunities.
Localization goes global
Some countries require that data be stored within their borders, and others additionally demand that businesses and other organizations that process and transmit sensitive data maintain a physical presence within the relevant nation. Recent developments in data privacy laws — including regulations in countries around the world — are putting significant pressure on global companies to ensure that corporate operations and customer handling procedures are compliant with data security requirements. But how to meet these diverse technical, legal and commercial strictures? We will get to that in a bit.
Data localization and the policymakers’ dilemma
As regional economies move to put data localization policies into place, there are two divergent paths upon which the global community might function. One is practiced by China, which restricts data flows and forces companies to operate according to its laws. The other, followed by a number of countries (including the United States and some parts of Europe), allows for a relatively free flow of cross-border data.
Today, information is the most valuable resource in the world. Similarly, the most important assets of any company are its IP and brands — essentials that serve as gateways to their products and services. For example, Alibaba, Alphabet, Amazon, Apple, Facebook, Microsoft, Tencent and Visa are among the largest companies in history, and much of their essential infrastructure is held on the cloud — with information flow spread across vast distances, in both authoritarian regimes and republics. But how to arrive at a standard that fits all their needs?
Going local, one small step at a time
As highlighted earlier, data privacy regulations (data localization in particular) come with their own set of challenges. Creating a model that enables you to localize easily will give you the freedom to focus on meeting customers’ needs, no matter where they live or what language they use. Given that, the best course of action is to take a risk-based approach, with a holistic team that continually reviews data techniques and relates them to the business’s goals.
Data can be grouped into two categories. The first is associated with corporate operations such as marketing, HR and finance. Such data can be made anonymous and then entered in a highly secure and efficient manner (e.g., end-to-end encryption). The second involves personal customer data. A good way to assess risk in this category is to conduct an inventory of your data practices within the limitations of GDPR, which requires, among many other stipulations, that “…each controller and representative shall keep a record of processing activities”.
Where’s the meeting point?
Ultimately, companies trying to compete need to have a solid grasp of their data flow and how it is stored. That said, it would be a big mistake to think of data maps as permanent records of your organization’s information flows; every time a decision-making process or department structure changes, or some data is added in a new format, you need to revise data maps to reflect that change.
Although the best hope for data localization is to develop uniform controls and standards that countries around the world can adopt, the balkanized landscape of data in motion will continue to shape how global businesses operate, and cloud providers have already begun to address this challenge of localization by offering specifically designed solutions.Internet Explorer Channel Network