Geographic location plays a significant role in establishing data protection obligations in the cloud. And while many cloud services originated within the US, growing demand, global competition, and practical business models drive vendor proliferation of cloud services hosted across diverse geographic locations.
Unfortunately, conversations with end users and vendors suggest many organizations simply aren’t aware of where their cloud data centers reside. This naive lack of information can be quite risky when the location of the data center triggers a number of privacy and data security requirements that — if not met — may just land you in jail, facing a stiff fine, or at the very least, navigating cumbersome compliance requirements.
Forrester’s recent research, Infrastructure-As-A-Service (IaaS) Clouds Are Local And So Are Their Implications, sheds some light on the impact of geographic location and provides a working map of today’s Public IaaS data center locations. This initial footprint is likely to change as demand continues to expand and I&O professional are well advised to track just where their data center exists in the cloud to understand how country specific regulations may impact business.
To help you grasp the varying scope of regulatory requirements at a high level, we’ve also created an interactive privacy heat map that denotes the degree of strictness — highlighting scope of protection, affected entities, ‘adequacy’ standards met, and heavily surveilled countries — across national data protection regulation.
Remember, pay attention to where your data center will reside in the cloud. Country specific regulations governing privacy and data protection vary greatly, and can have an effect on data transfers, choice of security safeguards, and the rights of the data subjects.