vectorfusionart - stock.adobe.co
The rise and risks of sovereign data strategies
Data and analytics leaders need to understand what is happening now to mitigate risk and exploit data-driven opportunities
The exponential growth of data and increased cloud usage in Australia have thrown many challenges at data and analytics leaders in recent years, but rising sovereign interests and regulations impacting data around the world are creating an intense headache that they must understand and manage.
Many large and influential countries or regions – such as the European Union, the US and China – have or are issuing policies and rules in different forms and scope. Within Australia, the Digital Transformation Agency is currently working on a new sovereignty scheme. These policies concern how data is stored, processed, used, analysed, shared or otherwise exploited by public and private organisations.
The problem is that data and analytics leaders are faced with inconsistent and conflicting regulations from different countries that make the task that much harder – and the list of regulations seems to grow every day. These emerging and evolving sovereign data strategies and policies make for a complex, continuously shifting landscape. All at once, they are struggling to coordinate efforts that cross business units and organisations that span multiple jurisdictions.
Gartner predicts that 10% of global businesses will operate more than one discrete business unit bound to and by a specific sovereign data strategy by 2025, at least doubling its business costs for the same business value.
Data and analytics leaders must understand what is happening now so they can adjust their data, analytics and digital strategies to mitigate risk and exploit data-driven opportunities from within the different policies and strategies.
Impact on your business
Sovereign data strategies will, out of necessity, overlap and possibly conflict with your own data and analytics or digital strategy. This is because data is at the centre of every aspect of private and public life, and increasingly, sovereign states are more involved with both.
The data you use to run your organisation might be the exact same data a central government agency might use to look for bad actors. Even if your data is subject to regulatory risk, it could still be used for so many purposes. And the techniques used to search and infer knowledge from data continue to develop.
Your organisation is fuelled by data – it drives every decision everyone makes and is a prioritised investment for many organisations. Who doesn’t want to be data-driven? Sovereign states and governments are no less aware of the power of data. Each jurisdiction is, in its own way, trying to implement its own goals using data.
The interests of both sets of stakeholders overlap. You can no longer develop a data or digital strategy and not be concerned with current and pending sovereign data strategy implications.
Your organisation employs capital to meet its needs and can include access to data sources, analytics capability, as well as compute and storage assets. To you, these might be second nature and part of the cost of doing business. Sovereign states are wise to the same investment choices.
While motivations may differ, each sovereign will have its own direct outcome as it pertains to the use of, and access to, your organisation’s public and private cloud infrastructure. Your cloud infrastructure, even how you structure your whole business, is now impacted by what and where sovereigns will develop, deploy and offer sovereign or cloud infrastructures services.
All the enthusiasm for cloud ecosystems and industry clouds may fall by the wayside as the reality of sovereign data policy takes hold.
In so far as there are free markets, several sovereign states are seeking to either create their own markets in which data is to be shared, or are seeking to subvert regular established markets to their own political ends. There is no judgement here – but it’s in this overlapping area that the forces are probably the most significant, and the risks greatest for organisations and sovereigns.
For organisations, your business plans might be upended when politicians decide to create a public market for what you considered to be competitive. For sovereigns, they are effectively bypassing free market forces for political ends – and, as such, those politics can change and so markets can come and go more easily and disruptively.
What you can do about it
Set up a monitoring station or capability for the sovereign regions in which your organisation operates. Regulations spanning how data is stored, used, processed in applications, mined for insight, shared for collaboration, including intellectual property and software, will continue to emerge, evolve and change almost continuously. These policies, individually or organised as discrete strategies, may not settle down for at least two more years as sovereign data strategies become more understood and comprehensive.
Consider adopting a connected governance programme to coordinate a broad-based response to guide and inform business strategy. This will help to address risk mitigation efforts, as well as develop competitive positions, should opportunities arise.
Where regulations conflict with your business model, consider lobbying the sovereign state or jurisdictional political process to try to adjust the policy direction. Or, at the most extreme, adjust business practices to cope with the situation, such as replicating some or all of your business systems, practices and operations across discrete sovereign states. Ultimately, you may even guide leadership to consider exiting the business or market in question.
Sovereign data strategies will only grow in popularity, breadth, complexity and impact. It is critical to understand what is happening now, so you can adjust your organisation’s own strategies.
Andrew White is a distinguished vice-president analyst at Gartner, focused on the chief data and analytics officer role and responsibility, including strategy, governance, organisation and roles, business value of data and analytics, and more.
