Data Sovereignty and Enterprise Data Management: Extending Beyond the European Union General Data Protection Regulation

Data sovereignty refers to privacy legislation governing information that is subject to the laws of the country where the information is located or stored. Data sovereignty impacts the protection of data and is affected by governmental regulations for data privacy, data storage, data processing, and data transfer across international borders.

The European Union's General Data Protection Regulation is a recent example of a data sovereignty law. Other examples include Australia's Privacy Act, Canada's Anti-Spam Law, the People's Republic of China's Cybersecurity Law, and Russia's Personal Data Localization law.

Data sovereignty laws are emerging as a key impediment to cloud-based storage of data. These laws also have an impact when information is created in one country but then is moved to another country for storage, analytics, or processing. Data sovereignty is thus becoming increasingly important to multinationals with business operations, customers, and employees in several countries. It is crucial for organizations to be able to accurately identify who has control and access to their data-wherever it is located.

As with all enacted regulations, compliance requires a sound data governance program with effective enterprise data management. Data governance is the formulation of policy to optimize, secure, and leverage information as an enterprise asset by aligning the objectives of multiple functions. Enterprise data management refers to an organization's ability to precisely define, easily integrate, and effectively retrieve data for both internal applications and external communication.

This book, geared toward business users, outlines 16 core steps to operationalize a data governance program geared to data sovereignty compliance. Successful data sovereignty requires collaboration across the organization, including among those responsible for legal, risk, compliance, information technology, and enterprise data management. The amalgamation of skills and technology within the organization will support the operationalization.

As organizations extend the reach of their operations and customer base and look to leverage the cloud for computing, data distribution, and application hosting, they must understand the ramifications their business and IT decisions could have with respect to data sovereignty laws. With the concepts outlined in this book, organizations will be equipped to move forward to address the challenges of data sovereignty.