CONTROLLING THE LOCATION OF YOUR DATA: AN UNDENIABLE COMPETITIVE ADVANTAGE WITHIN A REINFORCED REGULATORY CONTEXT

With the global Big Data market expected to reach $66.79 billion by 2021 according to MarketsandMarkets, data has become a priority asset that companies are capitalizing on to differentiate themselves, develop new products and outperform the competition. This gigantic Big Data, the new black gold of the 21st century, is our digital society’s raw material. As it grows at exponential speed and travels over increasingly powerful networks, it must be hosted and delivered 24/7 in the most secure and seamless way possible to optimally meet the needs of businesses and consumers.

In an uncertain security context where data breaches and leaks are legion, the GDPR was created in 2018, implementing a powerful legal framework to protect personal data. Its broad scope impacts not only the activities of European companies but also those located outside its borders that market products and services to European citizens.

Data localisation, a strategic issue in the era of trade globalisation

In addition to the massive development of data, the amount of cross-border bandwidth used has increased 45-fold since 2005 according to a McKinsey report. It is expected to continue to grow over the next few years as the flow of information, communication, video, transactions and intra-company traffic continues. Today, the growth in data flows generates more economic value than world trade in goods. With the development of the cloud and the divergence of the legal context surrounding the protection of personal data between states, controlling their exact location has become an imperative for companies, which is encouraged even more so by the GDPR and other ISO 27001 standards that impose rigorous control and security processes.

Location, residency and data sovereignty, which is most important?

The terms “sovereignty”, “residence”, and “location” of data are often confusing for companies. In reality, the common denominator between these three approaches is the determination of the confidentiality of the data in transit. “Residence of data” refers to the geographic location where the data is stored. “Data sovereignty” differs: not only is the data stored in a designated location, but it is also subject to the laws of the country in which it is located. This difference is crucial, as the companies involved will have different privacy and security protection depending on the location of the data centers hosting their data.

“Data location” is the most restrictive concept, imposing both clarity on their geographical residence based on local legal obligations and requiring that they be kept within the borders of the country in which they were created. Depending on the data’s degree of criticality, law requires that the data be stored and processed in local data centers, or that a copy be kept within the country’s borders to allow the government concerned to audit it if necessary (for example, in the context of counter-terrorism).

An American company wishing to establish a presence in France will not only have to comply with local legal requirements regarding sovereignty, and will therefore be subject to French and European law, but will also have to ensure that data created in France is kept within our borders.

Controlling the location of data – guaranteed security, availability and legal compliance

Choosing to host critical data in the country of residence or in Europe, in addition to choosing a sovereign cloud – where hosting and data processing are physically carried out on national territory by a local legal entity – is synonymous with security and trust for users, and allows compliance with the European and local legislative and regulatory framework. As a French company with data centers based in France and in European countries, DATA4 offers the best guarantees for the location and protection of its customers’ data. We implement state-of-the-art processes in terms of integrity, confidentiality and traceability as well as best practices in terms of redundancy, all with enhanced physical security.

At the heart of a market dominated by GAFAM and under the threat of the Cloud Act (a U.S. law that allows the U.S. government to view data hosted by U.S. companies, including abroad), now more than ever, the location of data has become a competitive issue for companies as well as a national sovereignty issue. Data center market professionals and public players must help foster the development of major European digital hubs to be on a par with the American platforms that have long made data the very essence of their economic strategies.