The topic of data protection is rarely out of the news these days. It seems that every week another well-known business or brand announces a major data breach. Governments everywhere are reacting to increased consumer pressure to do something about data privacy. And the expectations of the customers themselves are higher than ever – not to mention their awareness and knowledge of how businesses capture and use their personal data.
Traditionally, connectivity has transcended national borders and political boundaries. We use digital services, communicate with others, and transfer files and data without even thinking about where things might be physically stored. But as our lives become ever more digitally driven, and the influence of these technologies grows, regulatory bodies are now catching up.
Waking up to data protection
Governments around the world are facing pressure to enact more comprehensive data privacy legislation, in response to increasing consumer concerns about how personal data and digital activity are being stored and used. This is particularly notable when it comes to the cloud, because a business can store its data in any number of different geographic regions regardless of where the company itself might be based – and if it is using public cloud providers, it might not even know where its data is physically being stored. This is where questions of cloud data sovereignty – the concept that data stored in the cloud is subject to the laws and regulations of the country that has jurisdiction over the physical servers and premises being used – become far more relevant.
The world of data protection had a big wake-up call when the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) were passed. These two landmark pieces of legislation aimed to bring some degree of consistency around the collection and use of personally identifiable information – for one of the world’s biggest trading blocs and the US’ most populous state respectively.
Cross-border agreements
But regulatory and market environments are always shifting, and it’s fair to say 2022 will see more developments around data sovereignty and protection. We’ve already seen the UK Government consult on changes it’s proposing to regulation in this area, while within Europe, projects like Gaia-X seek to establish standards to create a sovereign cloud for the region, with the intention of making it easier for businesses to store and manage their data physically in Europe. In so doing, the aim is to increase Europe’s digital self-sufficiency.
The project involves seven different EU member states and hundreds of businesses, so there will always be a degree of complexity involved, but once implemented it will ultimately be a good thing. Such initiatives could open new market opportunities for businesses and, overall, encourage more of them to put consumer privacy at the core of their strategy. Data privacy regulation is a force for good that enables businesses to maximise the value of their data without alienating their customers. While organisations are using data to make their products, services and operations better, they must do so in accordance with regulations that look after the public interest.
Better cyber resilience
The direction of travel is towards a more complex regulatory environment, and that means businesses will have to get serious about their data protection and management capabilities. Many of them will need greater control over the residency of their data workloads, whether that’s by leveraging things like hybrid cloud architectures to get the benefits of both public cloud services and self-owned deployments, or moving towards edge computing to place data at the edge of the network – where the end users are located – instead of in central data centres.
While the residency question is important, a big part of modern data protection is also about building cyber security resilience. Everyone within an organisation needs to exercise good digital hygiene: train your employees about the role they can play as the first line of defence, regularly patch and update systems, and get serious about backups. Veeam advocates the 3-2-1-1-0 rule: there should always be at least three copies of important data, on at least two different types of media, with at least one off-site and one offline, and with zero unverified backups or backups completing with errors. This level of protection means you are likely to be keeping a lot of backup data, which itself can be used as a weapon if it falls into the wrong hands, so it's also important to make sure this data is safe from cyber criminals and doesn't itself become a risk.
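The check below evaluates a backup inventory against each clause of the 3-2-1-1-0 rule. It is an added example, not Veeam's code: the `BackupCopy` fields and the sample inventory are constructed for illustration, and it assumes the inventory lists every copy including production, that one copy may satisfy both the off-site and offline clauses, and that the "0" clause applies only to backup copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str               # e.g. "disk", "tape", "object-storage"
    offsite: bool            # stored away from the primary site
    offline: bool            # air-gapped: unreachable from the production network
    verified: bool           # last restore test / integrity check passed
    errors: int              # errors reported by the last backup job
    production: bool = False # True for the live data set itself

def check_32110(copies):
    """Map each clause of the 3-2-1-1-0 rule to True (met) or False (not met)."""
    backups = [c for c in copies if not c.production]
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in backups),
        "1 offline": any(c.offline for c in backups),
        # An empty backup set must not pass this clause vacuously.
        "0 unverified or errored": bool(backups)
            and all(c.verified and c.errors == 0 for c in backups),
    }

def failures(copies):
    """Return the clauses that are not met, in rule order."""
    return [clause for clause, ok in check_32110(copies).items() if not ok]

# Constructed inventory: three copies on two media, one off-site, but nothing
# is offline and the cloud job last completed with errors.
SAMPLE = [
    BackupCopy("prod-db", "disk", False, False, True, 0, production=True),
    BackupCopy("local-repo", "disk", False, False, True, 0),
    BackupCopy("cloud-repo", "object-storage", True, False, True, 2),
]

# Same inventory after adding an air-gapped tape and re-running the cloud job.
FIXED = [
    SAMPLE[0],
    SAMPLE[1],
    BackupCopy("cloud-repo", "object-storage", True, False, True, 0),
    BackupCopy("vault-tape", "tape", True, True, True, 0),
]

if __name__ == "__main__":
    print("SAMPLE fails:", failures(SAMPLE))
    print("FIXED fails:", failures(FIXED))
```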
As always, trusted partners can help businesses navigate their changing responsibilities around modern data protection and data sovereignty. Modern businesses are defined by their access to data and insights, and so every sector has an interest in getting this right. Partners can advise on things like how to create a positive culture around compliance and cyber security, where regulatory best practice and digital hygiene are seen as strategic priorities as opposed to box-ticking exercises. They'll also be able to recommend where to invest in modern data protection solutions that are fit for purpose and compatible with the cloud-native way today's business landscape increasingly operates.
Data sovereignty will be a hot topic through 2022 as it continues to gain traction in overall business priorities. But as the regulatory environment around the world tightens, businesses shouldn’t feel like they’re being caught out – in fact, it’s a huge opportunity for them. By taking the time to look at their overall modern data protection and management strategies afresh, they can make sure 2022 is as successful for them as possible.