Everything You Need to Know About Digital Sovereignty
07//12/2022Charles Kergaravat
Table of contents
Data regulations are constantly changing, but the bottom line is: it’s up to your business to handle employee and customer information responsibly. Doing so is much easier said than done.
Companies have an average of 17 different apps leveraging customer data alone. Ensuring compliance across each of those apps, and any employee data tech, is a complex task. Consider that 92% of the western world’s data is actually housed in the US, where the laws are often in conflict with European laws, and that task compounds in complexity exponentially.
Digital sovereignty enables your business to effectively and compliantly handle your data. You control what data your business has and where you store it, staying in line with local data regulations.
In this article, you’ll learn what digital sovereignty is, why it’s important, and what you can do to stay compliant.
What is digital sovereignty?
Digital sovereignty describes a party’s right and ability to control its own digital data. It includes control over a company’s digital environment, including customer and employee data, software, hardware, and other digital assets.
Digital sovereignty fluctuates as businesses grow and develop, meaning that companies can achieve it to varying degrees. For example, you might have total data sovereignty with locally based servers, but your technological sovereignty is limited due to legacy systems in place.
Ideally, companies should aim for total digital sovereignty. As a business leader, you’ll have total authority over all your data and digital assets, so you can take the right measures to keep it secure.
But it’s not a straightforward process, particularly for businesses in Europe. Before we explain why, let’s cover two important terms for understanding digital sovereignty: digital assets and corporate governance.
What are digital assets?
A digital asset is a discoverable, owned item of value that your company stores digitally.
For example, a document that outlines a company process would be valuable to the company, but a meme shared in a Slack channel would not.
Here are some examples of digital assets that may be created and owned by the company:
Documents
Images
Audio files or clips
Videos
Company logos
Presentations
Spreadsheets
Websites
Effectively managing your digital assets is a key part of digital sovereignty; you need to know what data you have, how to store it, and how to use it in line with data regulations. That’s why effectively managing your digital assets is so important (we’ll discuss how to do this in more detail later).
What is corporate governance?
Corporate governance involves effectively managing a company to enable it to do the following:
Follow robust and standardized processes, procedures, and data flows
Ensure legal compliance
Uphold the company’s values and integrity
Promote good relationships with stakeholders
Essentially, governance ensures that businesses are organized, efficient, and compliant with the law—all of which are key for digital sovereignty.
Digital sovereignty in Europe: What’s the deal?
Recall that nearly all of the western world’s data is stored in the United States. Globally, we rely on tech companies in the US and, to a lesser degree, China to store and manage a huge amount of data.
With so much data storage and processing happening overseas, European governments and policymakers are raising concerns. They want stronger parameters in place to use and store data locally, which will ensure European countries can manage their own data, improve their digital ecosystem, and increase digital sustainability.
To overcome this challenge, European digital sovereignty requires the strengthening of its regulatory autonomy. This means setting its own rules and helping them prevail alongside the dominant players.
Here’s a simplified overview of how this can happen:
All European data must stay in Europe
European regulations and legislation must be set and followed
Data storage and processing must stem from European IT companies
Implementing these steps is no easy task, leaving many European businesses still struggling to manage and control their own data.
Take a look at Apple, as an example.
In June 2021, the company announced a Private Relay service. This service encrypts data so that no one (including Apple) can see a users’ online browsing activity.
Vodafone, Telefonica, Orange, and T-Mobile sent a joint letter to the European Commission to voice their concerns about the feature.
The group wants Apple to stop using this feature as it’ll prevent them from effectively managing their networks by restricting their access to crucial data.
In other words, Apple’s data privacy move impacts European digital sovereignty.
What is Europe doing to move toward data sovereignty?
The good news is Europe is rolling out initiatives to help European businesses gain control of their critical infrastructures.
The Digital Markets Act (DMA) and Digital Services Act (DSA) are in place to create a fairer and safer digital space for businesses. They protect user rights and create a level playing field for businesses to innovate, grow, and compete.
The General Data Protection Regulation (GDPR) is another example. The legislation came into force in 2018 to protect personal data across Europe.
There are also agencies helping companies to take charge of their own data, such as Numspot. Numspot is a joint venture by La Poste, Dassault Systèmes, Bouygues Telecom and Caisse des Dépôts to create a trusted, locally-based cloud server. From mid-2023, French businesses (and even the public) will be able to keep their data in the country where they can keep a better eye on it.
Numspot is one firm in a new wave of data sovereignty companies cropping up in Europe in an effort to help businesses govern their own IT systems and the data they manage.
Established European software companies offering a secure cloud do exist. OVH, for example, is an existing cloud provider in France and a founding member of CISPE (Cloud Infrastructure Services Providers in Europe).
As of 2018, the UK and each European country have data protection authorities that supervise data compliance. In Europe, these authority representatives are organized into a group called the European Data Protection Board (EDPB).
The EDPB members are tasked with:
Issuing guidelines and making recommendations
Advising the European Commission on data protection matters
Ensuring consistent applications of the GDPR, especially when data crosses borders
Resolving disputes between countries around data handling
All of these regulations and initiatives are helping Europe gain control of its digital infrastructure, capacities, skills, and data.
But there are still some hurdles to overcome—which brings us to the CLOUD Act.
Where does the CLOUD Act come in?
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) is a US federal law.
The law allows US authorities to access electronically-stored data from US companies with cross-border operations (subject to a court order and providing the data is relevant to an ongoing investigation).
This means the US government can access data from US-owned European companies.
For example, companies such as Microsoft, Amazon, and Google are all US-owned, but they have data centers across the European Union (EU). The CLOUD Act also allows countries in the EU to form agreements for exchanging data. Take a look at the agreement between the US and the UK as an example.
But, the CLOUD Act has caused some controversy in Europe because it can restrict digital sovereignty. With so many servers and companies located in the US, European countries are bound to the rules of US law. As a result, they’re unable to achieve digital sovereignty.
Paul van den Berg of the Dutch National Cyber Security Center (NCSC) reported:
“Companies and organizations are actually less and less able to guarantee or ensure that the information they process is sufficiently protected against access by foreign, non-European, powers.”
On top of this, there are claims that the CLOUD Act conflicts with the GDPR.
For instance, let’s say a US company asks for data from their French operation about a group of their customers. To comply with the CLOUD Act, the French office is required to disclose this information—but in sharing this information, the French office is no longer compliant with the GDPR.
Now more than ever, Europe is stressing the importance of using cloud services based in the EU. This ensures that personal data is protected within EU data protection laws and in line with EU values.
Why is digital sovereignty important for businesses?
Over the last decade, digital sovereignty has become a key element in digital policy discourses. Unsurprisingly, this has had a knock-on effect for businesses.
Cisco found that 76% of globally surveyed consumers wouldn’t buy products from a business they do not trust to manage their data. Furthermore, over one-third (37%) have switched to a competitor because of data privacy practices.
Let’s explore some of the arguments for digital sovereignty for businesses.
Control and regulate data
Becoming a digital sovereign means managing your own data. You have authority over the data you collect, where you store it, and how you manage it.
This is beneficial for businesses because you’re able to keep better tabs on your data, you’re never locked out of accessing it, and you can see when it’s been completely erased from the system.
You’ll also have a much clearer picture of what information your company keeps in the database. Not only will this help you better structure and organize your existing data, it’ll also help you stay on top of compliance with data privacy laws (more on this later).
It’ll also help you keep on top of your own governance, so you can ensure everything follows your internal privacy practices. If it doesn’t, you have the authority to make the necessary changes immediately.
Guarantee compliance with data protection regulations
Risk is inevitable when controlling and regulating your own data. Since you’re the reigning authority on customer information, it’s down to you to ensure you successfully protect that data.
If your business doesn’t follow regulations, you risk penalties, fines, and losing trust with customers.
When data is housed externally, it’s harder (or impossible) to detect nefarious activity, poor data protection processes, outdated storage systems, etc.
The good news is, using a local server or cloud provider makes it easier to follow local data protection rules. A recent study shows that of those IT/IS managers who use a local cloud provider, nearly one-third use it for regulatory compliance and one in five use it to fulfill digital sovereignty requirements.
So, how does a local cloud or service provider help you comply with data privacy rules?
Simply put, storing your data locally gives you easier access to it. It’s already in the country, and you don’t have to worry about your data having to follow regulations from other countries.
In other words, locally storing your data makes it easier for you to ensure that everything complies with your local privacy regulations. Without this level of transparency, it becomes harder to monitor your data and comply with local regulations.
Create trust with employees, clients, and stakeholders
Embarrassing public data breaches happen all the time. The Covid-19 pandemic caused a huge influx of customers for digital platforms that simply weren’t equipped for it.
Put yourself in your customer’s shoes for a second. How would you feel knowing that a company you trust isn’t following data privacy regulations? Chances are, you’d be concerned about your personal information (like your home address and credit card details).
To build trust, you need to be transparent about how you store and manage customer data.
This is where digital sovereignty comes into play.
By having control of your data and processes, you can provide total transparency to your customers. You can tell them exactly where their data is stored, how you manage it, and what you do with it.
How to gain digital sovereignty and master your digital assets
Let’s take a look at some of these best practices for mastering digital sovereignty.
Review data regulations
Start by getting yourself up to speed with data regulations and governance set out by your country, governing body, or industry.
How you do this is highly subjective; the regulations you need to follow depend on where your business operates and what industry you’re working in. You’ll need to conduct your own research to make sure you’re abiding by the laws and regulations that apply to your business.
To learn where you need to start and gauge how big of a task this will be, take a look at the European Commission’s rules about the protection of personal data.
If you’re concerned about sourcing the right information, consider either talking to an external data compliance consultant or training an employee to act as the internal data compliance officer. That way, you can rest assured that you’re getting reliable advice on the best practices for data privacy.
Analyze your own data and technology
With a solid understanding of data regulations and privacy laws, you can review how you use and store data. This should help you understand the granular details of your data collection. From here, you can identify vulnerabilities and pinpoint areas of improvement.
Here are some examples of information you need to analyze:
Where does your data come from? Do you collect data from your website? Consider other areas that supply data, such as subscriptions, transactions through third-party platforms, and customer support. You need to know how data comes into your business so you can manage it effectively.
What type of data do you store? It’s important to know exactly what type of data you obtain from your customers and employees. Data examples include personal information (name, location, email address, phone number), IP address, browsing history, social media activity, conversation history, and online behavior. You’ll need this information to make sure you follow data privacy regulations.
How do you use the data? Do you send newsletters to their email addresses? Or maybe you use IP addresses to pinpoint popular geographic locations for your customers. Is this allowed in all areas where your business operates?
Which technology companies do you use to obtain and store data? The digital tools you use to gather, store, and manage data could be the difference between being digitally self-sufficient, or relying on an international server. Review all the platforms you use to collect and manage data and identify where the servers are located.
During this process, it’s important that any digital transformation shouldn’t impact your agility.
In our fast-paced digital age, your business needs to keep up with competitors. If you take too many steps too fast, your efficiency could take a hit.
Take time to determine the best way to implement any changes and work with a change management team if technology updates are significant and productivity is critical.
Create a plan for digital asset management
We’ve already talked about the importance of digital asset management when it comes to digital sovereignty. Now, let’s look at exactly how to do it.
Let’s explore some ways to manage your digital assets effectively:
Understand the digital asset lifecycle. Start by reviewing the digital asset lifecycle. Understanding this process will show you what to expect as your digital assets progress over time. The key stages involve creation, ongoing data management, distribution, and archiving.
Review your existing assets. Take a look at your existing digital assets to get yourself up to speed with what you have, how it’s organized, and what you’re missing. This should give you a good idea of how you might want to improve your current digital asset management.
Choose a digital asset management platform. Find the right asset management platform for your business by identifying the features and capabilities you need. Then, conduct your search based on the capabilities you want. For example, you might want to categorize your assets by type. With this in mind, you’ll search for a platform that offers this functionality.
Create a digital asset management plan. After reviewing your existing assets, you can now look to the future and create a plan of action for your digital assets. In this plan, you’ll outline your goals for digital asset management, how you plan to organize and structure your assets, who’s responsible for managing certain assets, and where the assets will be stored.
Organize and structure your digital assets. Based on the plan, you can start to roll out changes to improve your digital asset management. If you’re making drastic changes, rolling them out in phases can help manage the process.
Use Apizee to host virtual calls and improve visual collaboration
Apizee is a cloud-based telecommunications platform that helps businesses effectively connect with customers, stakeholders, and colleagues. Using real-time web and mobile communication, businesses can keep in touch both remotely and on-site.
When it comes to digital sovereignty, using Apizee is a step in the right direction.
We take digital security and privacy seriously. All of our data is stored in Europe, while our research and development teams are in France. We’re also up to speed with the GDPR.
Here’s how we renewed all our systems and processes to abide by the new regulations:
Privacy by design. Our software architecture ensures that the data that passes through our solutions are secure and encrypted.
Analysis of the internal uses the GDPR is concerned with.
Security audit to detect intrusion risks.
Appointment of a “pilot” to ensure the GDPR is respected within the company and throughout the subcontracting chain.
Inventory of service providers related to the processing of personal data to ensure compliance.
Implementation of procedures in case of data breach.
Mapping of personal data collected and definition of the framework of use.
Awareness of internal training of employees.
Update of our contractual documents, including clauses concerning personal data protection.
You can also find out more about our data privacy regulations in our privacy policy.
Take the first step to digital sovereignty with Apizee
The path to achieving digital sovereignty can be long and complicated. There are plenty of challenges to overcome for full control of all your data assets, but it’s possible.
Today, not many European companies can say they have total control over customer data. With information leaks proliferating, being the sole data authority is a competitive advantage.
Consider Apizee in your move toward digital sovereignty. Our secure video-communication platform focuses on digital customer interaction, visual assistance, and enterprise collaboration. Contact us for a free quote.
