Do you have a solid data governance plan in place? Is it up to date? Do you have any way to actually achieve it? If not, you might be at risk of running afoul of current data residency and data sovereignty rules and regulations.
With your eye on data management, IT upgrades and the constant day-to-day interruptions that inevitably crop up, data governance might be the furthest thing from your mind. But it’s important.
From the protection of personally identifiable data like medical records, governed by regulations such as PIPEDA, DPA, and HIPAA, to data protection and retention compliance for financial records, data governance permeates all types and sizes of businesses.
No matter your industry or company size, you need to understand what is required of you in terms of how, where, and for how long you store your data.
Why is data governance important?
Data governance regulations – as well as potential fines for those companies not adhering to these regulations – are increasing. If you don’t have a governance plan, you run the risk of some very serious penalties.
For example, the EU General Data Protection Regulation (GDPR) is coming into effect on May 25th, 2018. Its current incarnation, the UK Data Protection Act (DPA), has a theoretical maximum fine of £500,000. But under the new GDPR, fines will reach an upper limit of €20 million or 4% of annual global turnover, whichever is higher.
This means that for many companies, failing to comply with the new regulations won’t just be a pain – it could mean insolvency or closure.
Data governance: Your first line of defense
A good data governance plan will outline how your data is managed. This includes its availability, usability, integrity, and security, and specifies who is responsible for which aspects of data management.
Your data governance plan needs to clearly explain how data will be:
- Stored and protected from unexpected disasters like theft
- Handled by those with the proper clearance, and
- Audited on a regular basis
This plan should take into consideration all of the current regulations affecting your industry, as well as the residency and sovereignty of your data.
The legalities of where data is stored
Data residency and data sovereignty are two concepts that will affect what your governance plan looks like. To some degree they are overlapping concepts, covering the legalities of where the data resides and the legal authority over the data regardless of where it resides.
In recent years, cloud storage has seen a huge uptick in adoption – but along with all of its benefits come additional data governance concerns and potential risks.
In the past, companies assumed their data would be subject to the laws of the country in which the corporation that owns the data resides. If you were a Canadian company, your data would be subject to Canadian laws. However, storing your data in the cloud may cause it to inadvertently change countries based on where the server resides. This can result in a change of data sovereignty, which can have serious implications for many industries.
Having a clear understanding of where your data is stored is important for complying with privacy regulations and keeping foreign countries from subpoenaing data. There have been cases where U.S. law enforcement and intelligence agencies have had access to European data files, despite apparently strong protection laws, simply because data was in cloud storage.
How ioFABRIC Vicinity helps you address these challenges
Vicinity enables you to leverage a hybrid cloud solution to mitigate the risks of unclear or changing data residency often associated with the public cloud. Using a hybrid cloud solution, you can store sensitive data on your on-premises private cloud while benefitting from the economic advantages of the public cloud for less sensitive data.
Vicinity also enables you to set policies to ensure compliance, specifying the geographical locations in which specific data is allowed to reside, and tailoring data migration and protection rules. These rules can be adjusted based on future data storage regulations, ensuring that you are always compliant.
Planning for current and future compliance can be difficult, but with the right tools and a proactive attitude, you can save yourself a massive headache – or even a massive financial penalty – that may be difficult or even impossible to recover from.
Sign up for a demo to see how ioFABRIC uses policies to ensure your data residency requirements are met.