---
title: Data Sovereignty
tags: [Cloud, Compliance, Legal]
---

# Data Sovereignty

**Data Sovereignty** refers to the legal concept that data is subject to the laws and regulations of the country or region where it is collected, stored, or processed.

## Overview

Data sovereignty has become a critical concern in cloud computing as organizations store and process data across multiple geographic locations, often across national borders.

## Key Regulatory Frameworks

| Region | Regulation | Key Requirements |
|--------|------------|------------------|
| EU | GDPR | Data must be stored/processed within EU or with adequate safeguards |
| China | PIPL | Critical data must stay in China |
| US | State-specific laws | Varying requirements across 50 states |
| Brazil | LGPD | Similar to GDPR for Brazilian data |
| India | DPDP Act | Data localization for certain categories |

## Multi-Cloud as Enabler

[[Multi-Cloud-Strategy]] enables data sovereignty compliance by:

- Selecting providers with data centers in required regions
- Distributing data across compliant geographic locations
- Matching provider certifications to regulatory requirements
- Enabling data residency controls

## Industry-Specific Requirements

### Healthcare
- HIPAA (US): Patient data must have proper safeguards
- Regional health data laws may require local storage

### Finance
- Banking regulations often require data to stay within national borders
- Payment card data (PCI-DSS) has geographic constraints

### Government
- Classified or sensitive data often requires sovereign infrastructure
- FedRAMP, IL-4/5 requirements in US government context

## Best Practices

1. **Map Data Flows** — Understand where data originates, moves, and is stored
2. **Select Compliant Providers** — Verify provider certifications per region
3. **Implement Data Classification** — Identify which data has sovereignty requirements
4. **Use Regional Deployments** — Match infrastructure to data requirements
5. **Monitor Compliance** — Continuous audit of data locations

## Related Concepts

- [[Multi-Cloud-Strategy]] — Primary enabler for sovereignty compliance
- [[Cloud-Maturity-Model]] — Level 3+ addresses compliance concerns
- [[Cloud-Security]] — Security controls support sovereignty
- [[Compliance-Auditor]] — Agent specializing in compliance frameworks

## Sources

- [[sources/how-can-a-multi-cloud-strategy-transform-your-business-roi.md]]