Peter Day, head of privacy and security at Mixpanel, discusses why companies need to consider data residency to meet the privacy needs of customers and the regulations set by each region.
There are three key components when we talk about the concept of privacy: Laws, customs and expectations. The importance of each part of this trifecta will vary across geographic regions, generations, and groups. But in order to meet these diverse expectations, companies processing personal information need to offer their customers regional solutions. Cue data residency.
Data residency is the storage of personal information in a specific geography where that data is processed in accordance with the local laws, customs, and expectations. Opting for providers with a data residency solution helps businesses satisfy their customers’ increasingly regional expectations of data privacy—especially when paired with a robust, globally-focused privacy programme.
Geography’s relevance to privacy in the information age is becoming increasingly important. While large, multi-national privacy regulations such as GDPR or major laws like the CCPA make headlines, there are many smaller, regional laws and customs that are often overlooked.
This explosion in regional privacy laws has left many companies wondering how to navigate these differences by building services designed to respect regional privacy differences. They rightly question how a business can offer services globally while respecting the wide—and sometimes conflicting—array of local privacy laws and customs.
To be able to achieve this, businesses need to consider localised data privacy strategies based on data residency. These are the top three reasons why data residency programmes can play a huge role in solving these data challenges.
- Offering tailored, regional solutions: Given the variance of privacy expectations across the globe, services processing personal information should be built to respect these regional differences. For example, taking into account what may be seen as an acceptable use of personal information in the United States, could be considered controversial in Germany and vice versa. A service supporting data residency allows processing to be tailored to regional expectations through internal processing decisions.
- Planning for local regulations today and beyond: With today’s heavily regulated climate, seeing into the future may not be a business’s priority. Despite this, it’s important to plan ahead when it comes to future regulatory changes. If the last five years are any guide, regional differences in privacy laws are likely to increase. Working with service providers that support data residency helps ensure that information can be collected, processed, and stored in a way that meets all these different requirements.
- Respecting customer privacy: While the definition of privacy varies from market to market, there’s one thing everyone, everywhere agrees on—privacy is important.
Supporting data residency sends customers two signals. Firstly, a business supporting data residency respects privacy (however defined). And secondly, a business supporting data residency can meet regional data protection and privacy requirements.
Data residency programmes also have benefits outside of meeting local security needs. International data centres enable companies to offer faster data processing times since information doesn’t need to cross continents and back to be processed. This enables more responsive analytics, not to mention a better user experience for the end-user.
Companies investing in data residency are not only offering compliance for near-term programmes like GDPR or CCPA, but most importantly, they are creating initiatives to provide a better product for their customers now and into the future.