Current and emerging regulations for data localization generally fall into the following categories:
- Geographic restrictions that require data be stored and processed within a given country or region,
- Geographical restrictions on data sets to be copied outside the country,
- Permission-based regulations that require data exporters to obtain consent from specific individuals or institutions (e.g. in the financial sector) to transmit data out of the country.
Companies must understand the APAC localization rules in operating models, IT systems, and their international data flows. They should expect a plethora of sometimes confusing regulations on data privacy, transfers, and localization. The good news is that by developing a repeatable data localization approach, a company should be able to cover various jurisdictions, thus lowering costs. By staying on top of the legal requirements for data localization, a data center provider could also distinguish itself from its competitors.
Data sovereignty: what it means for cross-border data storage and transfer
Data sovereignty has become an issue around the globe that companies must reckon with in the entire APAC region driven by Russia and China. Their governments want easy access to servers and other data storage devices within the territory. Another motive for data sovereignty is to protect the local industry to prevent the local industries from outsourcing data storage and value-added services to other jurisdictions. However, there is also a veritable industry need to store data locally, which is particularly voiced by the industry. Many medium-sized and smaller companies and public institutions are often concerned that cloud data storage in other jurisdictions will trigger a host of security concerns, such as hacking, or government access to their stored IP and valuable data sets, which are often the lifeblood of the company.