Data breaches. Privacy issues. Ever-increasing regulations. Data security has quickly moved from an IT department issue to everyone’s concern. And that includes awards program management, where sensitive data is often collected and stored.
Ensuring the safety of your program data and the data of your entrants and judges is crucial. But how do you know what rules to follow and how best to protect your data?
It starts with data residency, where country- and region-specific regulations affect how you collect, process and store your users’ data. And it’s more important than ever to be across what obligations you have.
What is data residency?
Data residency might sound like complicated jargon but it’s actually simpler than it seems. Data residency is the specific geographic location where a business or organisation stores its data—the data centre where the data physically sits. That’s it! Ensuring your data is securely stored in this particular environment is critical in complying with data regulation law and data protection.
You may have heard of other similar terms like data sovereignty and data localisation and wondered, what’s the difference? Whilst these terms may seem to be the same, and are often used interchangeably they are in fact different. Let’s clear up any confusion.
While data residency is the geographic location of your data, data sovereignty is the privacy and security laws of that specific location which govern your data. Each location will have different regulations that you must understand and follow, so it’s important to choose your data residency with this in mind.
Data localisation refers to laws and regulations that require data created within certain borders stay within those borders. It is usually applied to the creation and storage of personal data, and serves to guarantee that the relevant governing body can audit data if there is due cause.
Now that we know what data residency is, let’s take a look at why it matters.
Why is data residency important?
The relevance of geography is becoming increasingly important in data protection. Currently, 128 countries have data protection and privacy legislation and 19 countries have legislation in draft. So just as every country has its own laws for its citizens, the same is beginning to apply to data protection and privacy laws.
Effective on 25 May 2018, the General Data Protection Regulation (GDPR) is probably the most well-known regulation on data protection. GDPR replaces national privacy and security laws that previously existed within the European Union with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
However, there are other regulations that may not have received the same level of focus and attention. Some of the other most common standards are the California Consumer Privacy Act (CCPA), the Lei Geral de Proteção de Dados (LGPD) in Brazil and the Australian Privacy Principles (APP).
You need to understand your data residency requirements for your region. Your organisation may also have their own internal policies that require your data be stored in a particular location. Work with your legal and compliance teams to determine what your data residency obligations are and stay up to date as these regulations and internal policies may change and evolve over time.
What may be considered acceptable use of personal data in Canada, for example, may not be considered acceptable in Germany. It varies from country to country.
And with 47 countries without known data protection legislation, these regional differences will likely only increase in the future. For example, one of the newer regulations, the LGPD in Brazil, just recently came into effect on 18 September 2020. But compliance isn’t the only reason. When data is stored in the same region as the majority of your users, the data has less distance to travel and therefore offers a faster and better user experience for your entrants and judges.
Your data, your choice
With a global solution like Award Force, you have the freedom to store your data in a supported region of your choice, and we have plans to regularly expand to additional regions moving forward. This means your program data—from entries and judging data to communications and uploaded files—is safely stored in the region of your choice.
Keep your data safe
Data security and the governing regulations can be a complex topic. But it’s becoming more important than ever to protect your data, comply with international privacy regulations and work to protect your users’ privacy.
Simply put, your valuable program reputation depends on it.