Why Data Sovereignty Matters in the World of Emergency Tech
Summary
-
Data sovereignty is a huge part of the transformation piece
-
Information regarding crimes and investigations is known as enforcement data
-
Data sovereignty is particularly critical for the UK, especially in light of high-profile investigations such as the one involving Microsoft
-
Microsoft uses a “follow the sun” model of support for its hyperscale platform
-
UK GDPR violations can result in fines up to £17.5 million or 4% of annual global turnover, whichever is higher
-
Data has become one of the most valuable commodities, driving innovation, efficiency, and economic growth
Intro
The immense potential for digital transformation to improve services for citizens and value for taxpayers, as well as to advance the UK’s national digital capability, is phenomenal. Data sovereignty is a huge part of the transformation piece, as it aims to protect the data rights of citizens, enhance national security, and ensure that the economic benefits of data processing and storage remain within the country.
This means that data is governed by the legal frameworks of the specific country, i.e. UK, ensuring that local regulations on privacy, security, and access are enforced. Data sovereignty is particularly critical for the UK, especially in light of high-profile investigations such as the one involving Microsoft and its handling of personal data with UK police data.
Information regarding crimes and investigations is known as enforcement data. The UK Police store enforcement data in Microsoft’s hyperscale cloud infrastructure, but the data must not leave the UK’s shores. The problem is, the data may be replicated and processed anywhere across Microsoft’s cloud infrastructure, including data centres overseas. Our criminal case files are being transferred to the US or Asia (particularly but not exclusively India). This is a problem for the Scottish Police Service in particular because there are no cloud data centres in Scotland. At the very least, case files and evidence that are subject to the laws of Scotland are routinely stored in a different legal jurisdiction (England & Wales) if not transferred to Europe or further afield.
Data Security Starts at Home
As we know, UK police data includes highly sensitive information crucial for national security and public safety, and ensuring that this data is controlled and protected under UK laws minimises the risk of unauthorised access and misuse. Maintaining data sovereignty ensures that sensitive information related to ongoing investigations, intelligence operations, and personal details of citizens is safeguarded from external threats and foreign surveillance. Some organisations, such as the Police and other public sector bodies, have tighter restrictions placed on them. Section 3 of the DPA2018 stipulates that enforcement data must remain within the UK.
By enforcing strict data sovereignty measures, the UK can prevent such incidents and maintain trust in both public and private sector organisations by guaranteeing compliance with UK GDPR and data protection laws, as well as the UK retaining control over its critical data assets, reducing the risk of foreign interference and cyber attacks. Under UK GDPR, violations can result in fines up to £17.5 million or 4% of annual global turnover, whichever is higher.
Knowing Where Your Data is Stored and Processed
The potential risks associated with outsourcing data storage and processing to foreign entities emphasizes the need for stringent data protection measures to ensure compliance with UK laws and safeguard national security. Organisations face significant challenges in increasing the efficiency of their growing cloud spending. Cloud environments are complex and dynamic due to the breadth of services and the drive to adopt new technologies, such as Arm-based processors and GPUs that enable AI capabilities. These complexities make it difficult for organisations to fully understand the factors contributing to their cloud costs.
Simply put, the cloud is “just someone else’s server” unless it’s a private cloud of your own servers. So, the question you always need to ask is, where are your cloud providers’ data centres located?
You Need to Know
UK businesses need to verify that either:
- The data centres are located in the UK, or
- The data centres are located somewhere that has an approved adequacy decision, or
- Suitable steps have been taken to provide “appropriate safeguards”
Microsoft uses a “follow the sun” model of support for its hyperscale platform. Let’s say you have a technical issue in the middle of the night, you’ll be connected to someone in a Microsoft support centre, in a different time zone, who is working during their day.
Guaranteeing UK Data Sovereignty
We believe in guaranteeing UK data sovereignty, that’s why we deliver more choice and more options allowing you to mix and match multiple technologies and solutions to reduce the time, cost, and risk of modernising your existing IT whilst adopting new digital services. We partner with the leading technology providers, enabling you to harness a variety of ‘as-a-service’ models which allow you to focus on delivering innovative solutions rather than maintaining or building IT systems so you can suit your budget requirements.
We use our cloud expertise and our unparalleled public sector experience to ensure you never have to compromise the availability and integrity of the solutions that your organisation depends on. Whether you are moving legacy workloads to the cloud, or developing a more visionary cloud native strategy, our multi-cloud platform can scale with you as your public sector business grows, and can ensure that you meet any strict requirements around data sovereignty.
Data is the New Gold
Data is, or certainly will become, that all important national asset. A very well-respected think tank has estimated that 92% of all data in the Western world is actually stored in the U.S., not by U.S. companies, but actually physically located in the US. As the market share of European cloud service providers is less than 10%, we need a real alternative to those technologies, as we will always be hostage to technologies that are not as trusted as we want and often need them to be.
The Conservative UK government’s National Data Strategy did aim to leverage data to boost the UK economy by an additional £27 billion per year by 2025, underlining the importance of data sovereignty in economic growth.
In Conclusion
Data has become one of the most valuable commodities, driving innovation, efficiency, and economic growth. For the UK, ensuring data sovereignty is essential for maintaining control over its digital assets and safeguarding national security. As global data flows continue to expand, having robust policies and infrastructure to manage and protect data within national borders becomes increasingly important. For businesses, data isn’t just an operational necessity—it’s a critical asset that underpins strategic decision-making and competitive advantage. Therefore, data sovereignty is vital for UK economic growth, and safeguarding your business data should be a top priority, recognising it as a crucial business asset.