Data residency: everything you need to know

by | Jul 26, 2021

From data breaches, privacy issues and ever-increasing regulations. Security is no longer just a concern for information technology departments. It’s everyone’s concern. 

And that includes grants and scholarship management, where sensitive data is often collected and stored. 

Ensuring the safety of your program data and the data of your applicants and reviewers is crucial. But how do you know what rules to follow and how best to protect your data?

It starts with data residency, where country and region-specific regulations affect how you collect, process and store your users’ data. And it’s more important than ever to be aware of what obligations you have.

What is data residency?

Although data residency might sound like a complicated term, it’s actually quite simple. Data residency is the specific geographic location where a business or organisation stores its data—the data centre where the data physically sits. That’s it! 

Most data privacy laws and regulations have a requirement for data to be stored in a specific region, so it goes without saying that in order to comply – you have to store your data in a region appropriate to your particular privacy law. 

Why is data residency important?

Geography plays an increasingly important role in data protection. Currently, 128 countries have data protection and privacy legislation and 19 countries have legislation in draft. In the same way that every country has its own laws for its citizens, the same is becoming true of privacy laws and data protection.

The General Data Protection Regulation (GDPR) became effective on 25 May 2018 and is probably the most well-known regulation on data protection. GDPR replaces national privacy and security laws that previously existed within the European Union with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.

However, there are other regulations that apply in other regions too. Some of the other most common are the  California Consumer Privacy Act (CCPA), the Lei Geral de Proteção de Dados (LGPD) in Brazil and the Australian Privacy Principles (APP).

For your region, you should understand your data residency requirements. In addition, you may have internal policies that require your data be stored in a particular location. Make sure you are aware of your data residency obligations and work with your legal and compliance teams to continue to stay up to date as regulations and internal policies change and evolve.

In Germany, for example, what may be considered acceptable use of personal data may not be considered so in Canada. It varies from country to country.

And with 47 countries without known data protection legislation, these regional differences will likely only increase in the future. For example, one of the newer regulations, the LGPD in Brazil, came into effect on 18 September 2020. 

But compliance isn’t the only reason. Your applicants and reviewers will experience an improved user experience when data is stored in the same region since it has less distance to travel.

Your data, your choice

Good Grants is a global solution, so you can store your data in your choice of  supported regions. We currently support data residency in the EU, the USA and Australia with plans to expand into several other locations in the near future. 

Visit our data residency page for more information on data residency or to join a notification list for your region.  

Keep your data safe

The security of data and the regulations governing it can be complex. Nonetheless, it has become increasingly important to protect your data and comply with international privacy regulations as well as work to protect your users’ privacy. 

Simply put, your valuable program reputation depends on it.
 

Leverage Good Grants with best practice security measures to protect you, your organisation, your reviewers and applicants.

Take a free 14-day trial to see Good Grants in action.

Search our blog

Categories

Follow our blog