Data sovereignty refers to legislation that covers information that is subject to the laws of the country in which the information is located or stored. Data sovereignty impacts the protection of data and is affected by governmental regulations for data privacy, data storage, data processing, and data transfers across country boundaries. These laws are emerging as a key impediment to cloud-based storage of data, and they need to be fully understood and taken into account when information is created in one country but then moved to another country for analytics or processing.
The European Union’s (EU’s) General Data Protection Regulation (GDPR) is a recent example of a data sovereignty law. The EU published the GDPR in May 2016. After a two-year transition period, the GDPR will go into effect on May 25, 2018. The GDPR applies to the processing of personal data of all data subjects, including customers, employees, and prospects. The regulation applies to organizations and data subjects in the European Union. Non-compliance with the GDPR may result in huge fines, which can be the higher of €20M or 4 percent of the organization’s worldwide revenues.