Data protection and privacy has become an essential right; due to the leading role of data in our modern economy. It is key both for building trust and for creating added value and, therefore, growth. As a result, data sovereignty measures have been adopted around the world to protect the citizens’ data. Although data management not only benefits consumers but also companies and nations.
What is data sovereignty?
While technological sovereignty is a vague term that can lead to misconceptions, data sovereignty specifically refers to questions concerning data itself. Data sovereignty is a concept that refers to the fact that data processed by an organization is subject to the laws and regulations of the country or region where it is located. So, businesses must comply with data privacy regulations, guidelines and best practices within their location or the location where they provide their services.
It is an important aspect to consider when migrating to the cloud. At Stackscale, customers know where their data is hosted. Our infrastructure and cloud services are located within the European Union — we currently have data centers in Amsterdam and Madrid — and secured by its regulations. But, in some cloud solutions, customers don’t always know where their applications’ data is physically located.
During the last years, many governments have passed laws regarding how data is stored, protected and used. Not only to protect their citizens’ data, but also to avoid other nations acquiring it. Since data regulations also limit how businesses and organizations can transfer personal data abroad.
Data sovereignty laws in the European Union
Following the release of their main regulation in 2016, the General Data Protection Regulation (GDPR), the European Union is a leader in data protection worldwide. It was followed by the regulation on the free flow of non-personal data (FFD) in 2018 and the EU Cybersecurity Act and the Open Data Directive in 2019.
The General Data Protection Regulation (GDPR)
The GDPR unifies data protection regulation within the EU. It establishes strict rules on how EU citizens’ personal data must be stored, collected and processed; both within and outside the European Union. It was approved in April 2016 and entered into force in May 2018; replacing the 1995 European Data Protection Directive.
The GDPR applies both to data controllers — organizations using cloud services that process EU citizens’ data — and data processors — organizations providing cloud services that process EU citizens’ data. This regulation, although flexible for certain aspects, applies to all EU Member States, creating a common data sovereignty and protection framework within the region.
The regulation on the free flow of non-personal data (FFD)
The goal of the regulation on the free flow of non-personal data is to boost the benefits of the data economy. It is applicable from May 2019. The FFD contributes to the creation of a competitive digital economy within the EU. Together with the GDPR, it aims to guarantee the free movement of non-personal data across the Member States of the European Union.
The EU Cybersecurity Act
The EU Cybersecurity Act establishes a UE cybersecurity certification framework for digital products, services and processes. In addition to strengthening the EU Agency for cybersecurity (ENISA).
The Open Data Directive
The Open Data Directive provides a common legal framework to facilitate the reuse of public sector information. It also aims to make high-value data available for reuse and strengthening transparency. It entered into force in July 2019.
The European Digital Strategy & the Digital Single Market
The EU Digital Strategy focuses on the following basic aspects in order to create a strong, competitive digital economy:
- Boosting the growth potential of the digital economy, while adopting technologies that respect European values.
- Empowering citizens to be aware of how they act and interact with data, both online and offline.
- Building a climate-neutral and resource-efficient economy.
- Creating a fair Digital Single Market where businesses can compete on equal terms and individuals’ rights are respected.
- Improving access to digital goods and services across Europe, both for consumers and businesses.
At Stackscale, we always develop our products and services with security, privacy, transparency and efficiency in mind. Besides, we are proud to say that we opt for open standards and protocols to develop our Private Cloud solutions. Since that enables our customers to keep greater control over their IT environment.