Data sovereignty is now one of the top concerns of those making data centre buying decisions. The principle that data is subject to the laws of the country where it is collected or stored, has been enshrined in two discrete, but connected pieces of legislation: The Data Protection Act 2018 (DPA 2018)[1] and the UK General Data Protection Regulation (UK GDPR)[2].
Whilst both these statutes enforce sovereignty as a minimum, they also cover the use of personal data, including how it is collected, stored, and processed. As such, they shape the demand that drives data centre buying decisions – not just from a compliance perspective, but also in terms of how data centres enable a business to embrace modern technologies.
To put this another way: the ‘stick’ of data sovereignty is that failure to meet data residency requirements carries significant financial and reputational risks. Current ICO penalties for ‘transfers of data to third countries’ qualify for the higher maximum amount of either £17.5 million or 4% of total revenue[3].
Few businesses realise that these fines apply to both the storage of data AND its transit: and fewer still are ready for the fact that this risk is only set to grow as the upcoming UK Data Protection Bill, introduces further restrictions and obligations.
However, the ‘carrot’ is that adopting data sovereignty best practice means a business can leverage innovative technologies quicker. For example, data processing closer to the source aligns with data sovereignty principles by keeping data within national borders. But it also minimises latency and reduces reliance on centralised data centres, improving operational speed and resilience.
This is especially important when it comes to exploiting the advances in artificial intelligence and machine learning. Both AI and ML need significant data processing power. Consequently, a network of high performance, UK-based data centres that enables faster processing and minimises data transfer time, is the ideal infrastructure.
Pulsant's Private Cloud (PPC) is the UK's sovereign cloud platform enabling businesses to seize upon this opportunity. Based on our owned and operated data centres, access to a private ecosystem of partners, and private on-ramps to public cloud, PPC helps businesses ensure compliance with emerging regulations, and mitigate rising costs of public cloud and data transit.
Going beyond purely compliance, PPC also offers organisations the confidence that their data is not only stored within UK borders, but that it resides in the most secure, resilient, and connected infrastructure.
This turns data sovereignty into a strategic tool that means businesses can not only mitigate regulatory risks but also embrace the potential of emerging technologies whilst improving resilience.
[1] As at Data Protection Act 2018
[2] As at The UK GDPR | ICO
[3] See Penalties | ICO
