Protect Your Organization amid the Data Sovereignty Sea Change

Expect a mad scramble for companies to comply with the recent changes to privacy and data sovereignty laws in the European Union and Russia. If your organization has been stalling to update its governance and compliance strategy, now is a good time to start.

The European Court of Justice’s recent scrapping of the Safe Harbor agreement between Europe and the United States came on the heels of the Russian government’s amending its data protection law to require that personal data about Russian citizens be stored in Russia. While some of the implications of these new requirements are still unclear, global organizations are required to comply and ensure that they control which information is transferred into the United States and which is to remain on the soil of the country of origin.

These changes should be a wake-up call for multinational businesses or any company with employees in one region that needs to transfer information such as payroll or benefit data to another region. Further regulations could hinder sharing data between partners, vendors, or customers, such as those needed for loyalty programs, service management contracts, or customer relationship management. The European Data Protection Authority already has said third party data sharing could come under intense scrutiny for such practices.

It can be a difficult task to separate information that is subject to data privacy regulations from information that is not. Sure, documents written in Russian may be easy to classify as Russian, but in a multinational corporation, a lot of Russia-related content likely will be in English and authored by employees in countries other than Russia. The best solution is a sound information governance strategy. For those who do it properly – classifying content with the right metadata – complying with any change in the regulatory landscape can be a lot easier.

On a technology level, the ability to comply with the EU and Russian laws is likely similar to complying with data laws that exist elsewhere – many countries already have existing information sovereignty regulations that multi-national corporations are dealing with. The technology is available for multinational companies to have the right information governance platform in place to address new data sovereignty laws in other countries. What’s important, however, is that the information governance platform of choice has the flexibility and agility to address the ever-changing regulatory landscape.;