Speed up compliance with data mobility and independence from the sovereign Cloud

Adhering to compliance, privacy and security rules along with protecting data access and integrity are important components of data sovereignty legislation, but relying on these alone may not be enough to achieve data sovereignty for your organisation.

Currently, over 50 countries have passed laws to regulate how data may move across national borders. For this reason, mere compliance with data sovereignty regulations may not be enough for data sovereignty. To comply with data access regulations across national borders, some companies have decided to drastically alter their operations. For example, French and Austrian organisations were forced to stop using Google Analytics because it could potentially expose personal data of their citizens to ‘spying’ from the US.1 Meta, the parent company of Facebook, announced that it might stop its services in the EU in 2022 if data transfer issues between countries were not resolved soon.²

‍

‍

Strict restrictions on data movement can have a devastating impact on the future of organisations and even on national, macroeconomic prospects. For example, if Rotterdam Runners were unable to store all Dutch, Belgian and German sales data in one centralised place, it would become a massive accounting headache. Rotterdam Runners' accountants would have three times more work, as they would have to keep separate accounts for each country, resulting in a sharp increase in operational costs and reduced productivity. With this strict restriction on cross-border data traffic, Rotterdam Runners might only sell shoes in the Netherlands and not make use of their market potential, which in turn negatively affects the Dutch trade balance.

Regulations around data movement are constantly changing, so organisations like yours need a flexible data infrastructure to future-proof operations and must work with specialists to ensure compliance with regulations around cross-border data movement. A sovereign Cloud combines the knowledge of local compliance specialists with a modern IT infrastructure that can easily adapt to changing data governance rules.

Ideally, a sovereign Cloud forms a central component of a multi Cloud strategy that also uses public Clouds for non-sensitive data. A multi Cloud strategy allows your organisation to scale efficiently, control costs and improve autonomous data sharing. By using a sovereign Cloud that allows full interaction between all components of the multi Cloud or hybrid Cloud, Rotterdam Runners can streamline their accounting and reduce operational costs.

‍

Data portability is an essential component of any effective sovereign Cloud, as it allows workloads to be migrated as soon as needed. Using a sovereign Cloud without this capability can limit the abilities and functionalities of your applications. According to the AVG (or GDPR in the EU), data portability is an individual right, as citizens must have the ability to export, receive or delete their personal data. To comply with the GDPR rules around data portability, data must be stored in a structured, common and readable format.³

Data independence is also essential for an effective sovereign Cloud. Separating data and the applications that use it prevents changes in the data structure from affecting the performance of your applications.

Moving into the changing field of data privacy and data sovereignty regulations can be quite challenging. The Fundaments Sovereign Cloud can help your organisation comply with rapidly changing Dutch and EU regulations without major impact on your organisation's IT resources. With expertise in data mobility, security and privacy, the Fundaments Sovereign Cloud can provide an effective strategy and direction to accelerate and simplify the race towards data sovereignty and governance.

If you want to know how Fundaments became the first Dutch Cloud provider with VMware Sovereign Cloud status, click here.

Sources:

1. New York Times, The Era of Borderless Data Is Ending, May 2022
2. New York Times, U.S. and European leaders reach deal on trans-Atlantic data privacy, March 2022
3. Deloitte, GDPR Top Ten #1: Data Portability, consulted July 2022

‍

‍