Data Sovereignty: The Challenge of the Data Decade

In the next decade, data will represent the lifeblood of every organization. Learn how effective data management will enable companies to turn data into insights and take control of important data sovereignty concerns.

By Michael J. Morton, VP of Data Strategy and Development and Fellow at Dell Technologies

In the coming data decade, greater volumes of data will move through mobile networks in 10 minutes than in the entire year of 2007, according to Michael Dell. Even more than today, data in the 2020s will represent the lifeblood of every organization. Companies will trade in data, the new currency. Beyond that, data will soon represent nearly the sum total of the business itself.

And yet, according to the 2018 Dell Technologies Digital Transformation Index, nearly a third of business leaders globally (32%) don’t trust their own organizations to comply with regulations (such as the European Union’s General Data Protection Regulation), and one in three don’t trust their organizations to protect employee or customer data.

Some of these trust issues are exacerbated by data sovereignty complications. As with conventional currency, data increasingly falls under the control of the nations in which it originates and gets used. Of late, it’s become a complex battleground for two key reasons:

  • Data is in a highly mobile state. An organization that can claim the geographic origin and processing of the data it collects and handles can determine what nation governs that data, providing competitive advantages depending on the regulations of a given jurisdiction.
  • The clouds in which data reside are well-traveled. Many cloud providers store, backup, and support data in many different countries, and data is often shared across country borders.

Some countries now assert that companies can only share data with adequate protections in place. Model contract clauses for data transfers outside a region often provide guidance.

Yet companies are facing challenges pinpointing the location of their data and the status of their compliance with data sovereignty requirements at any given time. That’s understandable given that moving workloads to the cloud is a form of delegation—to free-up the IT department. However, outsourcing does not absolve companies of their compliance obligations.

Companies must take control of their data sovereignty issues. Better visibility into the clouds they use and increasingly capable Edge computing platforms offer solutions—but it all hinges on effective data management.

National Power Plays

Through the prism of data sovereignty, we can see the wider power of data—and the motivations behind certain geopolitical maneuvers to maintain sovereignty. Quite simply, a nation that controls the data within its borders gains advantages over those that don’t (or do so ineffectively). As data becomes ever more valuable, we will see more countries jostle over data sovereignty. For example:

  • Australia began considering new data sovereignty requirements for government data following concerns that sensitive information hosted on U.S. servers could fall under foreign scrutiny.
  • Indian Minister for Communications and IT Ravi Shankar Prasad said that India would not compromise its data sovereignty after the country blocked 59 apps from Chinese developers because of “sovereignty and security” concerns.
  • Europe’s proposed Gaia-X cloud infrastructure would create a European alternative to the U.S.-based cloud services that currently store most European consumer and business data.

Highlighting the powerful correlation between data sovereignty and competitiveness, Peter Altmaier, Germany’s federal minister for economic affairs and energy, said Gaia-X will help “further the digital sovereignty of Europe” through strengthening “competencies in key technologies” and push the development of a “potent gigabit-infrastructure.”

Consumer Protection and Trust

These moves and countermoves aren’t just happening on a country-level.

Recently, the regulatory compliance landscape has moved beyond corporate governance to laws and regulations that specifically protect the data of individuals. These rules safeguard the right of users to know how companies collect and use their data.

Examples from the U.S. include the California Consumer Privacy Act, which lets consumers delete the data companies hold about them and opt-out of companies selling their data. The Internet Bill of Rights provides a set of consumer data protection principles introduced by Congressman Ro Khanna to guide regulation and lawmaking.

The upshot for the consumer should be increased confidence in the security of their data and greater trust in the companies with which they do business. But companies must do more to shore up that confidence and trust. A recent study by the Pew Research Center found that 79 percent of adults in the U.S. are concerned about how organizations collect and use their data.

Trust—defined by Accenture as “a consistent experience of competence, integrity, honesty, transparency, commitment, purpose, and familiarity”—isn’t just a nice-to-have. It translates into tangible returns for companies that have it, and potentially billions in lost revenue for those that don’t.

Disrupting Data Sovereignty With the Edge

To some extent, national government agendas have collided with the nature of cloud computing, which allows data to cross borders easily. Fortunately, there is an emerging paradigm that enables us to separate data from the cloud.

The proliferation of sensors and low-cost, low-power compute and storage has boosted the rise of the edge—that is, the opportunity to process and store data locally while transferring less data to the cloud.

The Edge makes it easier to know where data resides and who governs that data. It helps from a security perspective, too, as data is less exposed to potential cyberattacks when at rest. Less travel means fewer opportunities to intercept, attack, and corrupt the data.

Preparing for the Data Decade

Developing a thorough understanding of where company data resides during its lifecycle and under whose jurisdiction is not an easy task. And even the mere prospect of having to contend with demanding new regulations can act as a perceived brake on innovation for companies not fully prepared for the data decade, in which data sovereignty is the norm. Contending with new regulations will also add to the cost of doing business.

Yet, more effective data management benefits companies, as well as nations and consumers. It can build trust, and consumers and governments alike will vote with their wallets accordingly.

Finally, insights gleaned from data assets are not subject to jurisdictional regulations and can be transferred freely throughout global organizations. Contending with new regulations—for example, potential data sovereignty-related rules requiring disclosure of data sources—will also add to the cost of doing business.

Effective data management will enable companies to unshackle these insights and transform their businesses in the data decade.