Data sovereignty refers to national laws concerning the collection, storage, and transmission of data. The General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the US are examples of these laws. Data residency refers to where data is physically stored and is often specified by data sovereignty laws. Personal data about individuals is a primary target of regulations, but other data can be regulated too.
When you store data on premises in your own data center, you have complete control over how and where the data is stored. When you store data in the cloud, you are responsible for understanding how and where that data is physically stored, and you are responsible for ensuring you comply with applicable data sovereignty laws. For hybrid cloud configurations, you need to pay attention to where both the on-premises tiers and the cloud tiers are stored.
The good news is that all the major cloud providers are fully aware of the laws and have procedures and information to help you comply. But it’s still important that you select the appropriate products and procedures for your specific needs.
In many cases, storing your data in the cloud makes it possible to keep data within the boundaries of a country where your company has no physical presence.
Here are some examples of the compliance information from NetApp and from cloud providers: