With stronger information privacy and data protection laws coming into effect in South Africa and other parts of the continent, businesses operating in Africa must think carefully about where and with which providers they host their cloud enterprise data and applications.
That’s according to Albie Bester, SEACOM Global head of Cloud and Hosted Services, who says that the issue of data sovereignty is growing in importance as African companies adopt cloud services to take advantage of the flexibility and cost-savings they offer.
In addition, many organisations expanding into new African countries rely on the cloud to get their systems up-and-running quickly in the absence of established infrastructure. However, before they rush to use offshore cloud providers, companies should evaluate how new laws such as South Africa’s Protection of Personal Information (POPI) Act will affect their choice of cloud provider.
POPI, for example, prescribes how companies should manage, store, and use customers’ personal information. Says Bester: “POPI restricts companies’ ability to transfer customers’ data to data centres in countries that don’t offer the same level of consumer data protection as the Act. This also applies to the back-ups and copies of the data.”
“Thus, when choosing a cloud provider, companies need to ask where the data will be stored and ensure that the provider has data privacy and security measures in place to safeguard the information. With these laws in place, we think it is often wise to use cloud services located within the same country where the customers are.”
In addition to privacy laws, another data sovereignty issue that companies must consider is that some of their customers might be sensitive to having a government in a foreign country subpoenaing their data, says Bester. Many customers want to know that they will not be subject to snooping, he adds.
Far from feeling pressurised by the enactment of data protection laws throughout Africa, companies should see them as bringing certainty to the market, adds Bester. Frameworks such as POPI give them the certainty they need to aggressively adopt cloud services by giving clear guidance about where data can be storied and how it should be managed.
Another benefit of POPI is that South African companies with clients, employees and businesses in other countries may be able to bring that data closer to home, says Bester. Many countries insist that customer data can only be stored in jurisdictions with laws similar to their own. For example, companies with clients in the UK may store their data with a cloud provider in South Africa when they could not in the past. This is because POPI aligns South African data protection laws closer with those in regions such as the UK.
South Africa’s personal data protection laws are largely in line with those of the European Union, which are hailed as some of the best in the world. “This will promote the cross-border flow of information, which will help to drive the cloud market in South Africa,” says Bester.