GDPR [in Europe] was just the beginning. Before GDPR, we lived in a data economy that didn’t always respect the individual. In fact, if you were using a free app, it was probably fair to say that your data was the price for downloading it.
And it’s easy to see these kinds of regulations things to be complied with. After all, it’s hard enough for startups and scale-ups to market themselves, develop compelling products and seek funding without having to add further due diligence to their workload – let alone understand the data ‘supply chain’ of their suppliers and partners.
But embracing respect for data – data sovereignty – as a design principle, can greatly enhance relationships with customers, investors and the broader ecosystem. To understand why, we have to delve further into what data sovereignty is and isn’t.
What is Data Sovereignty?
Data sovereignty is about control and freedom. It’s also about rights: GDPR laid the foundations for individuals to have control over their personal data, including how it’s handled, stored, whether it’s transferred and who has access to it. These themes are all at the heart of data sovereignty. However, there are many more types of data than personal data, and the future acts from the EU aim to address this.
Data sovereignty is important for many reasons. First and foremost, data is subject to the rules of the country in which it’s stored. So, if your country allows processing of data by the government for intelligence purposes, or your data is transferred to a country like this, then it’s important for customers to understand this.
“Data sovereignty for us means giving customers certainty that the data they transmit to us will remain beyond the remit of foreign government interference.” Ludwig Bull, CEO, CourtCorrect.
But again, sovereignty isn’t just about privacy and control. Having a good sovereignty approach also means that your organization has thought about whether you’ll want to move your data and how technically feasible this is. For example, some cloud providers can charge fees for moving data in and out of their clouds (ingress or egress fees) and others use different standards, making ‘free data movement’ difficult and expensive.
This situation can be a bit like a having bank account, but then when you want to transfer to another bank, you have to pay a large part of your savings to do so – and then also have to pay the new bank to open the account and move your money in! Similarly, many cloud providers have long minimum contract periods, which means that if anything changes at that provider, you won’t be able to pivot your data strategy very quickly to react.
A robust sovereignty strategy also includes making sure that you can pick the right hardware and data handling for your applications and customer requirements, including any specific sectoral needs. This ensures that workloads run in the best possible way, and that data which needs to be handled in certain ways – for example, in the healthcare industry or the public sector – is well managed.
All of these things are not only prerequisites in some cases, but also send a number of messages to customers about the kind of organization you are.
Making Data Sovereignty pay off
So that’s what data sovereignty is. But how does it actually benefit you, beyond simply complying with regulations?
First and foremost, data sovereignty ensures trust. A sovereignty strategy says to other organisations that you’re treating their data with respect, and that you have the flexibility to adapt if needs be. It’s like seeing your doctor wash your hands or put medical gloves on before starting a treatment – it’s respectful and is good practice. This kind of visibility and transparency also tends to sit very well with procurement departments.
“Any organization that sells on the basis of building a trusted relationship with its customers will benefit greatly from Data Sovereignty,” Shân Millie, Bright Blue Hare.
However, there are a number of other benefits:
- Data Security: Consider a startup in the fintech sector. This company processes vast volumes of sensitive financial data daily. A sound approach to sovereignty ensures that data remains under the protective umbrella of the company’s home country, significantly reducing the risk of unauthorized access and data breaches.
- Data Compliance and Regulations: Startups and scaleups often operate in a global context, serving customers worldwide. However, different regions have distinct data protection laws and regulations. Showing that your organization is already compliant with such regulations from the get-go can also accelerate your journey through procurement processes.
- Data Ethics: In today’s era of heightened data ethics awareness, consumers expect companies to handle their data responsibly and transparently. Data sovereignty empowers startups to adhere to ethical standards in data handling, building trust with their customers and partners. It allows organisations to answer fundamental questions like whose data is this, who controls it, who processes it, and who gets to choose these things?
All of these things are tremendous assets to startups. And in fact, startups often have the edge in developing sovereignty strategies. Large, well-established organisations have many challenges in re-architecting old principles and approaches to meet the needs and requirements of modern society, including sovereignty. Startups are nimble, agile organisations and can include considerations of data sovereignty by default and by design, building them into their company DNA. By adopting these principles, they can show that they are secure by design, compliant by design, ethical and considerate by design – and that’s a very compelling USP for any organisation.
Riding the prevailing winds
It’s also important to note that if you’re in the EU, or doing business with the EU, data sovereignty isn’t just a ‘nice to have’ – it’s the direction that the industry is going in. US organisations are already having to adapt to this, and the data adequacy between the UK and the US, for example, shows just how seriously countries are taking this, let alone large organisations.
EU bodies have started something unstoppable. They are building a landscape of trust and showing that cutting-edge innovation is compatible with respect for consumer data. The sun is setting on the old ways of doing business, and increasingly putting people in charge of their own data. This is inherently a better, more respectful online world – and for those who get on board early enough, a huge market opportunity.
 | X |  |
Start-Up Program Manager
UK & North Europe Cluster
OVHcloud