Data Sovereignty refers to legislation that covers information that is subject to the laws of the country in which it is located or stored. Data Sovereignty laws are emerging as a key inhibitor to cloud-based storage of data. These laws also have an impact when information is created in one country but then moved to another country for analytics or processing.

The European Union General Data Protection Regulation (GDPR) is a specific example of Data Sovereignty legislation. Other examples of similar legislation include the following:

  • Canada Anti-Spam Legislation (CASL)
  • Australian Privacy Principles
  • China PRC Cybersecurity Law
  • Russian Federation Data Localization Law
  • Singapore Data Protection Act

While there are significant variations, the Data Sovereignty laws do have broad similarity to the Federal Trade Commission’s Fair Information Practice Principles (FIPPs):

  1. Notice/Awareness
  2. Choice/Consent
  3. Access/Participation
  4. Integrity/Security
  5. Enforcement/Redress

At Information Asset, we have developed a Collibra-based solution that addresses GDPR compliance as well as adherence to other Data Sovereignty legislation. The solution addresses key similarities between different pieces of legislation. For example, a single set of controls may be used to enforce opt-ins across the European Union GDPR and Canada CASL laws prior to sending email marketing campaigns.

The Collibra-based solution addresses critical data elements, data mapping, data inventory, data standards, data controls, and data sharing agreements. For more information on this solution, please see

Sunil Soares
Founder & Managing Partner


Leave a Reply

Your email address will not be published. Required fields are marked *