A white paper released by global data centre specialist HDR|Hurley Palmer Flatt Group, urges business leaders to carefully consider how and where their data is stored, and by whom, to avoid their information becoming unintentionally subject to another country’s laws.

The white paper, entitled Data Sovereignty: The Imperative for Action, delves into the complex, and often little-understood concept of data sovereignty, describing it as countries enforcing their own privacy laws on data stored within their jurisdictions – often regardless of where the data is generated.

The rapid take-up of cloud-based data storage exposes businesses to issues around data sovereignty more than ever before, said Peter Gaston, director at HDR|Hurley Palmer Flatt Group.

“Businesses have an obligation to themselves to make informed decisions about where their data is stored, how it is managed and how it is shared, particularly across country borders,” Gaston said. “A lack of due diligence can pose a worrying threat to their integrity and security of their data.”

The white paper outlines how data sovereignty can unexpectedly become an issue even if a business does not have direct operations overseas.

For example, personal information obtained by a business’ customer service call centre located offshore will be under the purview of foreign privacy laws. The same applies to personal information sent to a company’s branch office or processing centre located abroad.

When data is stored through a cloud service, the data becomes subject to the legal jurisdiction and privacy regulations of wherever the cloud provider keeps its data. Even ‘local’ providers use overseas storage.

Adding to the complexity of the issue are countries’ widely varying, ever-changing laws.

This ranges from the European Union’s General Data Protection Regulation (GDPR), to the position taken by countries such as Russia, China, Germany and Indonesia that their citizens’ data must be stored on physical servers within the country’s borders.

The effect of Brexit on data sovereignty in the UK and EU remains unclear, while other countries are still defining their control of data.

Businesses have never possessed such extensive reserves of personal data, nor been so close to their customers as a result of the information generated in the current digital economy. However, increased volumes of data comes with increased risks to its security and integrity, according to Robert Thorogood, executive director, HDR|Hurley Palmer Flatt Group.

“Data is widely recognised as one of the most valuable materials of our future, but legal constraints around where it should reside and how it can be used have serious implications for how businesses use and store their increasing volumes of information.

“The current legal framework exists to protect individuals, organisations and countries, but the landscape is fraught with pitfalls. For this reason it is imperative that organisations give the management of data their fullest attention,” Thorogood said.