The complex state of data protection around the globe

By Bill Marcus, contributing writer

(HPE INSIGHTS) Doing business around the world has never been easier, thanks to advances in tech, communication, and globalization. The caveat is that while globalization is opening up markets, nations are rolling out data protection and privacy laws to protect their citizens’ data. Furthermore, misunderstanding a local language or a cultural nuance can trip up a global enterprise trying to correlate data across multiple regions.

As global companies collect more data from more customers than ever before, there are tremendous opportunities to deliver better products and services to a larger audience, and to drive profits higher. But businesses will have to navigate a complicated web of regulations around privacy, record management, security, and data sovereignty.

Europe’s approaching deadline

Europe’s General Data Protection Regulation (GDPR) takes effect in 2018. The GDPR includes provisions for data retention as well as privacy. A business will also have to have an in-house data protection officer. Businesses that fail to meet these requirements could be fined as much as 20 million Euros, or 4 percent of their global turnover.

Meanwhile, the United Kingdom’s “Brexit” from the European Union is fueling uncertainty among American corporations that have come to rely on British partners as their entry point to Europe. Now there’s the chance that the post-Brexit UK will no longer meet EU standards in cloud privacy, data sovereignty, and data localization.

Konrad Fellmann, worldwide director of information security and compliance for Cubic Transportation Systems, says his company set up a service desk in the UK in part because his customers valued EU data protections. While exiting the EU could lead the UK to change those laws for the worse, Cubic—an integrator of payment information and related services for intelligent travel applications—is cautiously optimistic.

“Our expectation is that the UK will maintain regulations, including data protection regulations, that enable UK-based businesses to continue to participate effectively in the global digital economy,” Fellmann says.

The cost of Russia’s new rules

Beyond the EU-wide GDPR, other countries in Europe (and elsewhere) are using localization and sovereignty statutes to advance data privacy.

In Russia, a new localization law was backdated to take effect in 2015. A foreign firm doing business in Russia must gather, store, and generally work with data on Russian citizens using databases located in the Russian Federation, according to the Intermark annual report.

The European Centre for International Political Economy, a think tank, estimates that it will cost businesses $5.7 billion to keep Russian customers’ data on Russia-based servers.

Data localization as a trade barrier

Similar data sovereignty laws have been implemented in China, India, Indonesia, South Korea, and Vietnam. Brazil enacted a data localization law, but rescinded it when it became clear that it adversely impacted Brazil’s gross domestic product and depressed foreign investment in Brazil by 4.2 percent.

This illuminates other problems: as countries reassess their commitment to their national and domestic technology industries, their data sovereignty laws can be expected to change. How are you going to keep up with the changes? And what will happen when the United States takes action to prevent American business enterprises from the excesses of foreign nations imposing extraterritoriality? The U.S. House Judiciary Committee has only begun to assess the problem.

Privacy laws’ effect on the global enterprise

This past spring, American and European negotiators reached agreement on a compact called the EU-U.S. Privacy Shield. Under its provisions, European citizens can complain about the use of their private data and have the complaint arbitrated by a free dispute resolution service and their own national privacy regulator. But the plan is far from settled, as European regulators continue to press for changes to the convention.

Understanding linguistic and cultural nuances

Global enterprises must consider cultural nuances in data. There are risks in everything from the use of language on a website to the design that may or may not put a domestic customer at ease. Studies have shown that even the data icons used by a global enterprise must be culturally appropriate.

Interpreting local data requires human insight, says Jillian Falconi, VP of marketing at Falcon.io, a customer experience management platform based in Copenhagen.

“What people write is not always what people mean,” she says. She notes the sarcastic tinge to social media chatter immediately following the decision by British voters to exit the European Union. “A lot of people were shouting on a social channel ‘Great job, Britain,’ and it was definitely not a compliment. It’s a use of irony.”

Other business leaders point to cultural norms, like shyness, as obstacles to be navigated when analyzing data. A business doing a survey in East or South Asia, for example, may have to factor in that, among the cultures of these nations, a natural shyness will result in a lower-than-usual response rate, some experts say.

Taken in total, all these factors—from strict rules around how data is gathered and stored to cultural nuances around what it actually means—indicate that global businesses will face considerable challenges in tapping worldwide markets, and they are going to need strategic approaches to data governance, information security, and analytics.

To learn about HPE’s new solution to information governance challenges—including data sovereignty—and other compliance issues, check out HPE Verity.