In recent decades, lawmakers and regulators’ attention has turned to the online world in order to mandate how data should be treated, depending on servers’ physical presence.
Moreover, a reported 55 percent of internet users are more concerned about privacy year on year and, by 2023, it is estimated that 65 percent of the global population will have their personal data covered under modern privacy regulations – up from 10 percent in 2020, all according to Statista.
This makes it certain that data sovereignty will not merely remain a key concern worldwide but that it will become even more central a consideration for lawmakers and companies alike – as well as bring several opportunities to data center operators.
KYC and CDD demand compliant data storage
KYC mandates are no stranger to certain types of businesses. From banks, fintech and lenders to real estate agents, online betting companies and BNPL providers, many have to request documentation and run verifications when onboarding a new customer.
Shorthand for Know Your Customer, KYC may have its roots in the financial sector and anti-money laundering and anti-terrorism funding defenses, but the reach of this process is widening, with more organizations than ever either having to request such sensitive data as proof of identification, age, and address, or choosing to in order to be safer. As explained in a breakdown of KYC for fraud preventionat Seon, it falls under the Customer Due Diligence (CDD) umbrella, which is also responsible for the detailed source of funds information sometimes required to make deposits or transact, for example.
Yet, the laws are not standardized nor is there a universally accepted KYC method out there. As a result, organizations either have to not allow custom from other locales, or integrate and manage several different KYC processes, per locale.
One very common pain point shared around the globe though is how to efficiently store KYC and CDD data, which are sensitive and confidential – and because they concern your customers, the fines for not securing it are sizable.
And, from there, another concern arises: When this data is stored per our legal obligations, which legislation applies? Those of the nation where it is collected, that of the customer’s nationality or even place of residence? The location of the data centers, the servers, or the company collecting the data?
Data privacy and sovereignty effects on KYC
In general terms, the concept of data sovereignty is linked to the laws and regulations that apply in the country where the data is stored, and thus to the data itself, as outlined in an article published on the website of data virtualization firm Gluent. The author distinguishes between this and data localization, which simply refers to where authorities mandate that data should be located, and data residency, which is a business-directed policy and usually set for performance, regulatory or tax reasons.
KYC data ought to be stored securely but also protected, with the GDPR and similar legislation outlining heavy fines for businesses who do not comply, on top of the already stringent laws governing KYC and CDD procedures. The financial stakes are too high and the data protection and regulation environment increasingly more complex.
And, at the same time, the data sovereignty landscape is not clear at all, with new laws coming into effect as well as being proposed throughout the world. These can be national or regional. For instance, Gaia-X is a European cloud network initiative spearheaded by Germany and France, but Germany itself is setting up its own Sovereign Cloud provided by T-Systems and Google, as reported in September.
Data center trends that affect sovereignty
Recent analysis of this issue by the CPO of Immedis characteristically mentions “the war for data sovereignty” as being “far from over” and notes that by 2025, 51 percent of all data will be in data centers and 49 percent in the public cloud.
What this war brings is immense opportunity for data center operators, who would be wise to tune into the latest trends and consider the shifting needs of businesses moving forward. Versatility, flexibility and adaptability are in high demand, not least thanks to developments in data sovereignty mandates.
For instance, edge-of-network data centers have been lauded as the way of the future by industry leaders. Because of their location at the edge of a network, edge data centers boast faster content delivery and minimal latency compared to legacy solutions.
Meanwhile, micro data centers are much easier to scale up and meet a variety of needs. As they can be spread around a city, they can take advantage of smaller buildings, requiring minimal investment to start generating revenue compared to larger projects.
What’s more, temporary, to-go data centers “much smaller than a shipping container” are equally going to be key, even more so due to geopolitical shifts. Risks from natural disasters and climate change can be mitigated against with infrastructure, too. Portable data centers were introduced in 2006 by Sun Microsystems and have come a long way since, but are still often overlooked, especially by those outside the sector.
All three of the above are more versatile because of their size and can scale to correspond to the needs that arise from KYC and other sensitive data that has to be stored locally. Infrastructure conversions can be looked into, as well as expansion and upgrades.
As data sovereignty legislation becomes more fragmented and localized, companies are set to look for more versatile set-ups. What’s more, there will be a need for temporary and interim solutions while legislation is still undecided.
Last December, Danny Allan, CTO of Veeam Software, predicted that 2022 “will be the year of data sovereignty cloud.” Companies as well as consumers are waking up to the fact that even data stored in the cloud resides in remote physical storage and the laws that apply to those data centers are important.
Indeed, as the shift takes place, companies will demand more control over data workload residency, turning to hybrid clouds and edge computing instead of central data centers.
It is important to acknowledge and understand this trend and how it complements developments in data sovereignty legislation. From there, there are immense opportunities for data center vendors of all sizes.