Digital Independence: How Understanding Data and Digital Sovereignty Will Impact Your Business in the Age of the Big 3 Dominance
Since the rise of the cloud, US companies have dominated the market. The latest figures show that the Big 3 (AWS, Azure and GCP) hold a very comfortable majority of the cloud market in Europe. But why might this be a problem for Czech companies?
Czech companies are no exception to this trend, and according to the survey we continuously conduct, the majority of Czech companies we communicate with either have experience with hyper-scalable technologies from American giants or are currently using them.
However, with the rapid rise of concerns about security and privacy, thinking about geographical access to IT is also beginning to change. The initial wave of enthusiasm and the need to hop on the cloud train at all costs has passed — now companies must consider very carefully which train car they choose. Their choice can bring serious legal consequences for their operation.
So how can a poor understanding of the concepts of data residency, data sovereignty, and digital sovereignty endanger your business? That is exactly what we will look at in today’s article — we will explain these concepts, highlight their differences, and also the reasons why it is necessary to think about them in the context of your company.
📍 Data Residency
As the term suggests, it is the location of company data in the literal geographical sense. Is your company data stored on your servers, in a Czech data center, or in a foreign data center via a cloud service?
This topic first began to be addressed significantly when it became clear that the GDPR was going to become a reality. This European regulation clearly requires that the data of European citizens remain within the territory of the European Union. Very strict rules apply to critical sectors such as banks, hospitals, or public institutions.
It might seem that this requirement actually makes sense from a security perspective and that nothing more needs to be done to protect privacy. But this is where another level comes into play — the legal framework.
🏆 Data Sovereignty
One thing is that the data is geographically located in a specific territory under the administration of a given government or organization. But this principle alone does not ensure that an organization under another jurisdiction does not have access to the data.
Therefore, data sovereignty addresses legal control over the data, not its location itself. So although your data may be located within the EU thanks to the fact that American giants also operate data centers there, your data is subject to US legal regulations.
It was the data flow between the EU and the US that became the subject of a lawsuit in Ireland (Schrems II). The problem was that Facebook had a branch in Ireland, but bilateral agreements allowed it to export user data from the EU to the US, where rules consistent with the GDPR no longer applied. The US secret services therefore had free access to European data.
So if you do not want to risk data misuse beyond the EU’s protection, you need to look at whether your provider is really the provider of its own cloud, or whether it is simply reselling a foreign cloud. It is a good idea to ask about data sovereignty and the processes the provider uses to ensure the privacy of your data.
💪 Digital Sovereignty
So far, we have talked about data and how to handle them, but sovereignty goes much further. It is not only about data and its possible misuse abroad due to insufficient legislation, but also about dependence on foreign technology and service providers.
Your data is one thing, but your infrastructure and the data obtained from its operation are another. If you use a provider outside of the EU, you may actually lose your IT when a trade war breaks out and technology will be one of the levers that will be used.
That is why the trend of hybrid infrastructure, including multicloud, is on the rise, so as to avoid complete dependence on a single supplier. At the same time, the principle of cloud repatriation is also gaining momentum, when companies either return to on-premise solutions or switch to local clouds. The aim of all these solutions is to reduce the risk of high dependence on a supplier, which is highly risky for maintaining the company’s operations.
❓ How to Deal with These Concepts?
This varies depending on the organization we are talking about.
If you are a company that wants to take a closer look at your infrastructure, then it is a good idea to find out detailed answers to these questions:
- Where is the data stored?
- Who has access to it?
- What jurisdiction applies to it?
- What other options are there within the Czech or European market?
- What type of infrastructure do we actually need?
Choosing the right IT infrastructure is a science, so don’t be afraid to consult with experts. You have to define what the infrastructure should do for you, while IT experts will show you how to achieve it efficiently. Come and talk about it with our technicians and book a free consultation.
Then there are questions and areas that should be addressed at the state level.
- What share of investments goes into Czech IT infrastructure solutions?
- Is the legal framework effectively set up to ensure transparency with regard to data storage and handling?
- What steps must be taken to effectively implement European regulations that need to be adapted to the Czech legal system?
With the advent of AI, this information will become even more important, because it will no longer be just about the use of data by foreign agencies, but also the use of data for training AI models. This is already happening, and on some platforms it is happening without the consent of their users.
🫵 Conclusion
Just as cybersecurity is in your hands, so is protecting your data and that of your customers. It is up to you which path you choose, but you need to be aware of the risks associated with the choice and the risks you expose yourself to if you do not address residency and sovereignty. You can be digitally dependent or digitally independent. Which one is your choice?
