/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
/dq/media/member_avatars/AYMcEOCg0Hat7pNZP430.jpeg )
Follow Us/dq/media/media_files/2024/12/26/StnluBgbk2MhM6qmdcUZ.png)
Data Sovereignty Photograph: (Dall E)
For years, data sovereignty was relegated to the backrooms of IT departments, a compliance box to be ticked. But in this new age of geopolitical uncertainty and rapidly evolving regulations, that paradigm has been shattered.
A new research titled, “Data Sovereignty: A New Era Navigating Risk in a Dynamic World” by Pure Storage and the University of Technology Sydney (UTS) reveals that data sovereignty is no longer a niche technical issue; it's become a fundamental business risk with the power to disrupt services.
According to the study, the concerns are unanimous and acute:
- 100% of leaders confirmed that sovereignty risks have forced them to reconsider where their data is located.
- 92% cited geopolitical shifts as a key factor in increasing these risks.
- 92% warned that inadequate planning could lead to significant reputational damage.
- 85% identified a loss of customer trust as the ultimate consequence of inaction.
Geopolitics and the tangible risks of data location
The theoretical risks of data sovereignty are becoming a tangible reality for businesses. As Matthew Oostveen, CTO & VP, Asia-Pacific & Japan, Pure Storage, explained in an exclusive interview with Dataquest, laws like the U.S. CLOUD Act allow U.S. government agencies to access data held by American-owned tech companies, even if that data is physically stored in servers in other countries. This somewhere creates a legal exposure that can lead to a foreign government gaining access to sensitive data, an undeniable risk of foreign influence and a loss of control for companies in the APAC region. Many companies may mistakenly believe their data is protected by local laws simply because it's stored within the country's borders, but Oostveen's comments clarify that this is not always the case.
Data localisation requirements are another major factor transforming the landscape. India's Digital Personal Data Protection Act (DPDP) is a prime example. The law has direct implications for companies that handle data of Indian citizens, as it mandates that such information cannot be used to train an AI model in a third-party country unless it is anonymised. Similarly, any interaction an Indian citizen has with a deployed AI model, and the resulting data, cannot be processed outside of India.This forces companies to re-evaluate their technology and service providers to ensure their data remains within the country's borders. As Oostveen stated, this requires businesses to either keep this data in-house or partner with sovereign service providers who can guarantee jurisdictional independence and compliance with local laws.
A hybrid path forward
The solution, according to the research, is not an all-or-nothing approach. Businesses don't have to choose between a complete detachment from public cloud services and a disregard for all risks. Instead, Pure Storage advocates for a balanced, hybrid strategy: assess the risk landscape, place the most critical and sensitive workloads in sovereign environments, and leverage the public cloud for less crucial functions. This allows companies to maintain control and compliance without sacrificing the agility and innovation needed to compete.
As the regulatory landscape continues to evolve and geopolitical tensions persist, proactive preparation is key.Organisations that strategically assess their data risks and adopt a balanced, hybrid approach are positioned to gain a competitive advantage in a world where data location and control are more critical than ever.
Read More:
SAP’s Jan Bungert on how business AI and data cloud are powering India’s Techade
AI demand could push data centre spend to USD 500 billion a year by 2030
How is Equinix CN1 data centre built to scale 4,250 cabinets
Scaling up: How strategic datacenter locations are driving business success?