---
title: Data Sovereignty
tags: [Cloud, Compliance, Legal]
---

# Data Sovereignty

**Data Sovereignty** refers to the legal concept that data is subject to the laws and regulations of the country or region where it is collected, stored, or processed.

## Overview

Data sovereignty has become a critical concern in cloud computing as organizations store and process data across multiple geographic locations, often across national borders.

## Key Regulatory Frameworks

| Region | Regulation | Key Requirements |
|--------|------------|------------------|
| EU | GDPR | Data must be stored/processed within EU or with adequate safeguards |
| China | PIPL | Critical data must stay in China |
| US | State-specific laws | Varying requirements across 50 states |
| Brazil | LGPD | Similar to GDPR for Brazilian data |
| India | DPDP Act | Data localization for certain categories |

## Multi-Cloud as Enabler

[[Multi-Cloud-Strategy]] enables data sovereignty compliance by:

- Selecting providers with data centers in required regions
- Distributing data across compliant geographic locations
- Matching provider certifications to regulatory requirements
- Enabling data residency controls

## Industry-Specific Requirements

### Healthcare

- HIPAA (US): Patient data must have proper safeguards
- Regional health data laws may require local storage

### Finance

- Banking regulations often require data to stay within national borders
- Payment card data (PCI-DSS) has geographic constraints

### Government

- Classified or sensitive data often requires sovereign infrastructure
- FedRAMP, IL-4/5 requirements in US government context

## Best Practices

1. **Map Data Flows** — Understand where data originates, moves, and is stored
2. **Select Compliant Providers** — Verify provider certifications per region
3. **Implement Data Classification** — Identify which data has sovereignty requirements
4. **Use Regional Deployments** — Match infrastructure to data requirements
5. **Monitor Compliance** — Continuous audit of data locations

## Related Concepts

- [[Multi-Cloud-Strategy]] — Primary enabler for sovereignty compliance
- [[Cloud-Maturity-Model]] — Level 3+ addresses compliance concerns
- [[Cloud-Security]] — Security controls support sovereignty
- [[Compliance-Auditor]] — Agent specializing in compliance frameworks

## Sources

- [[sources/how-can-a-multi-cloud-strategy-transform-your-business-roi.md]]