Those companies who are putting their data into the cloud must realise that not all providers are created equal and one must do their due diligence to ensure they avoid storing data in places with data sovereignty laws.
Daniela Sawyer of FindPeopleFast, speaking from firsthand experience, found that “verifying that data exists only at allowed locations is difficult. It requires the cloud customer to trust that their cloud provider is completely honest and open about where their servers are hosted and adhere strictly to service level agreements (SLAs).”
It isn’t just the smaller companies having issues. In May 2021, the EU’s European Data Protection Supervisor opened a probe into how entities within the EU were using both AWS and Azure to answer the question: Are they adequately protecting the privacy of their users? Expect data sovereignty to increase OPEX
Operating expenses are being impacted by data sovereignty. Attila Tomaschek of ProPrivacy commented, “Additional ongoing expenditures include continuous staff training on cybersecurity best practices, investment in new technologies and network monitoring tools and bringing on additional personnel such as a data protection officer, compliance officer or other staff dedicated to securing business data and complying with data sovereignty laws.”
A similar view is shared by Jesse David Thé, CEO of Tauria, who shared how his entity navigates through GDPR: “We need to show a specific data trail of how we obtained someone's contact information. They have a right to be forgotten from our system and we must have explicit permission to send them marketing emails. This data exists within our walled garden, and we can't share it with any of our partners for example. Neither can a partner share client contact information with us unless the client gives permission.”
Thé noted how the need to comply drove their OPEX up and was instrumental in the decision to hire “a CIO to help us ensure our GDPR compliance.” He continued how small companies will need to budget for this.