The exponential data growth and the increased use of the cloud in Australia have posed many challenges for data and analytics leaders in recent years, but the rise of sovereign interests and regulations impacting data around the world is creating a headache intense that they must understand and manage.
Many important and influential countries or regions – such as the European Union, the United States and China – have or issue policies and rules in different forms and scopes. In Australia, the Digital Transformation Agency is currently working on a new sovereignty scheme. These policies relate to how data is stored, processed, used, analyzed, shared or otherwise exploited by public and private organizations.
The problem is that leaders in data and analytics are faced with inconsistent and conflicting regulations from different countries that make it even more difficult – and the list of regulations seems to be growing every day. These emerging and evolving sovereign data strategies and policies create a complex and ever-changing landscape. Suddenly, they find it difficult to coordinate efforts that cross business units and organizations that span multiple jurisdictions.
Gartner predicts that 10% of global enterprises will operate more than one distinct business unit tied to and by a specific sovereign data strategy by 2025, at least doubling its business costs for the same business value.
Data and analytics leaders need to understand what is happening now so they can adjust their data, analytics, and digital strategies to mitigate risk and exploit data-driven opportunities from different policies and strategies.
Impact on your business
Sovereign data strategies will, of necessity, overlap and possibly conflict with yours data and analytics or digital strategy. Indeed, data is at the center of all aspects of private and public life, and increasingly, sovereign states are more involved in both.
The data you use to run your organization may be the exact same data a central government agency might use to track down bad actors. Even if your data is subject to regulatory risk, it could still be used for many purposes. And the techniques used to seek and infer knowledge from data continue to develop.
Your organization is fueled by data – it drives every decision everyone makes and is a priority investment for many organizations. Who doesn’t want to be data-driven? Nevertheless, sovereign states and governments are aware of the power of data. Each jurisdiction tries, in its own way, to implement its own goals using data.
The interests of the two sets of stakeholders overlap. You can no longer develop a data or digital strategy and not worry about the current and future implications of sovereign data strategy.
Your organization employs capital to meet its needs and may include access to data sources, analytics capacity, and compute and storage assets. For you, it might be second nature and part of the cost of doing business. Sovereign states are wise to the same investment choices.
While motivations may differ, each sovereign will have their own direct outcome when it comes to using and accessing your organization’s public and private cloud infrastructure. Your cloud infrastructure, even how you structure your entire business, is now impacted by what sovereigns will develop, deploy, and deliver and where they will develop, deploy, and deliver sovereign or cloud infrastructure services.
All the excitement around cloud ecosystems and industrial clouds could die out as the reality of data sovereignty politics sets in.
To the extent that free markets exist, many sovereign states either seek to create their own markets in which data must be shared, or subvert regular established markets for their own political ends. There’s no judgment here – but it’s in this area of overlap that the forces are probably the greatest, and the greatest risks to organizations and sovereigns.
For organizations, your business plans could be turned upside down when politicians decide to create a public market for what you consider competitive. For sovereigns, they effectively circumvent free market forces for political purposes – and, as such, these policies can change and so markets can come and go more smoothly and disruptively.
What can you do about it
Configure a monitoring station or capability for the sovereign regions in which your organization operates. Regulations covering how data is stored, used, processed in applications, extracted for insights, shared for collaboration, including intellectual property and software, will continue to emerge, evolve and change almost continuously. These policies, individually or organized into discrete strategies, may not settle for at least two years as sovereign data strategies become more understood and comprehensive.
Consider adopting a connected governance program to coordinate a large-scale response to guide and inform business strategy. This will help respond to risk mitigation efforts, as well as develop competitive positions, should opportunities arise.
When regulations conflict with your business model, consider lobbying the sovereign state or jurisdictional policy process to try to adjust policy direction. Or, at the limit, adjust business practices to deal with the situation, such as replicating some or all of your business systems, practices and operations in separate sovereign states. Ultimately, you may even influence executives to consider leaving the company or market in question.
Sovereign data strategies will only grow in popularity, scale, complexity and impact. It is essential to understand what is happening now, so that you can adjust your organization’s own strategies.
Andrew White is a senior VP analyst at Gartner, specializing in the role and responsibility of the chief data and analytics officer, including strategy, governance, organization and roles, business value of data and analysis, and more.