With digital transformation in full swing, more and more organisations are facing critical decisions about how to collect, store, process, and analyse data. In the past, this often took place within isolated and tightly controlled, but also inflexible environments. Today, the demands are different. Flexibility, scalability, and connectivity are essential in a modern digital landscape. These are all characteristics enabled by a mix of private and public cloud solutions, sometimes combined with on-premises IT infrastructure. This foundation allows organisations to build and offer a wide range of digital services, either internally or to end customers.
All this digital activity has led to an exponential increase in the volume of data being generated, transported, and stored. According to IDC, global data volume will grow to 175 zettabytes by 2025. To put that in perspective: one zettabyte equals enough data to stream music continuously for two billion years. IDC also predicts that by 2025, data stored in the public cloud will roughly equal the amount stored in private data centers. Meanwhile, global data traffic is growing rapidly, the World Bank estimated that in 2022, we transmitted 150,000 GB of data every second.
Challenges around data privacy
This immense volume of data brings new challenges, especially when it comes to meeting increasing national and international regulations around data privacy. When using cloud services, data is often transferred to and processed in other countries, where different laws may apply. Nevertheless, organisations remain fully responsible for complying with European and national regulations like the GDPR. Failure to do so can result in hefty fines. More importantly, customers and users now expect their data privacy to be respected. If not, they will take their business elsewhere.
Data sovereignty is gaining traction because it ensures round-the-clock access and control over your data, protecting it from unauthorised access. Practically, organisations must operate independently and confidently, free from the risk of data misuse by third parties, especially foreign commercial or governmental entities. Central to this is compliance with European laws that restrict transferring personal data outside the EU.
Data sovereignty is becoming a critical factor when choosing cloud technologies or providers. As reliance on interconnected cloud services and non-European providers grows, organisations must know exactly where their data is stored and ensure compliance with all relevant laws. This requires confirming that cloud providers meet stringent security requirements and protocols.
Where is your data stored?
A key factor in data sovereignty is data location. Ideally, personal data from EU citizens should remain in the EU. Storing data outside the EU is allowed only if the country offers adequate protection. This became crucial in July 2020 when the EU-US Privacy Shield was invalidated, causing cloud giants to shift EU data to European infrastructure.
In March 2022, the EU and the US announced a new political agreement: the Trans-Atlantic Data Privacy Framework. However, this framework is still in its early stages, and privacy advocate Max Schrems has already raised several concerns. For Dutch organisations committed to true data sovereignty, the safest option remains working with cloud providers and data centers that guarantee data remains within the EU, not only for primary storage, but also for backups and replicated data used in disaster recovery scenarios.
The importance of data location
Data location is central to data sovereignty. GDPR requires that personal data stored within the EU remain subject to strict regulation. Storing data outside the EU creates additional legal complexity. To ensure compliance and avoid these risks, organisations should keep data within the EU.
A regional data center ensures optimal control. At NorthC, our nationwide network is connected through our Region Connect service, ensuring that data transferred between sites in the Netherlands remains within national lines. Backups and disaster recovery sites remain in the EU, maintaining sovereignty without sacrificing availability, security, or connectivity.