How to deal with data localisation when trading abroad

Business today is powered by data.

As businesses look to expand internationally, data localisation can become a barrier or an additional cost as you must comply with each country’s legislation. Understanding what is required and factoring it into business processes can be complicated.

This article explains the fundamentals of data localisation:

• What it means and why it is essential to international trade
• How data protection laws impact this type of legislation
• Which countries have this legislation and what they require
• How it will evolve in the future.

What is data localisation?

It’s a country’s legal requirement for organisations that either:

• Mandates the organisation to retain a copy of data about a nation’s citizens or businesses and activities within the nation’s jurisdiction
• Prevents the data from being stored or processed outside of that jurisdiction.

There are different intents and purposes for each country that enforces this type of legislation.

However, the most common reason is to ensure that various government or legislative departments can gain access to specific information without needing to go through legal procedures or courts.

For example, there is legislation that requires the storage of tax-relevant data in Germany (or to get organisation-specific approval with an alternative location and jurisdiction).

The intent is to keep any tax-relevant information within the tax authority’s reach, and where legal procedures of the jurisdiction are understood.

If the German tax office wants to launch a detailed investigation into potential tax irregularities and the data isn’t locally available, it may first need to apply for permission from a domestic court to look at that data and not all countries will grant access to foreign tax authorities.

Germany’s data localisation law ensures the government can get access to relevant data without needing to understand how different legal systems or courts operate.

Data localisation is a part of the broader concept of data sovereignty—the idea that data is subject to the laws, governance and protection of the nation in which the individuals or organisations it relates to, are located, legally reside, or where the transaction legally happens.

As cloud computing becomes more prevalent and concepts of location become more blurred, an increasing number of countries are looking at and legislating for data sovereignty.

The European Union’s GDPR is an example of the exercise of data sovereignty to protect its citizens’ and residents’ personal data.

According to the UN, since November 2019, 107 jurisdictions worldwide had put legislation in place to secure the protection of data and privacy.

Concerns with international trade and data localisation

Data localisation is considered a non-tariff barrier by the World Trade Organisation.

With hundreds of regulations in place and more nations planning to add to the list in the future, data localisation can be complicated to navigate for multinational businesses and those preparing for expansion.

“Dealing with data localisation is a real pain to everybody involved,” says Adam Prince, Sage VP of product management.

“If you want the benefits of central processing of data, but also need to retain local copies for legal reasons, you’ve got to create a duplicate copy of data.

“And then you’ve got to cover the costs of implementing the technologies or procedures to maintain that copy as up to date as required.

“You’ve lost the single source of truth, which is the real challenge.

“If you want to trade in a jurisdiction that operates with data localisation, you need to be aware of what the law is so that you can store a copy of the corporate data slice within the sovereignty or jurisdiction where you’re trading.

“For example, if you want to sell in Russia and you use Salesforce, whose servers are in America, you have to somehow keep a copy of that data accessible to the Russian authorities, or run all your data through a Russian server.

“The latter option complicates things if you’re a US company, given the political differences and levels of distrust that unfortunately exist.”

Data localisation also has cost implications. Because managing laws in different nations can be convoluted, Prince suggests hiring a legal expert with qualifications recognised by the regions in which you plan to trade.

He adds: “Accidental trade can be a serious risk. If you aren’t aware of the applicable obligations, a profitable transaction can easily turn unprofitable once you add up any penalties.”

Data localisation and data protection laws

After data localisation, you must understand and adhere to relevant personal data or privacy laws of the nation, such as notifying the user of how the information will be used and obtaining their consent.

Building data localisation into operations

The best approach when expanding into a new territory is to have robust procedures in place beforehand to investigate both the benefits and any legal obligation such as any data localisation laws that may exist. Then you can build the costs and procedures to address any legal requirements into your operations.

In some instances, you may be eligible for an exemption from data localisation requirements.

In Germany, for example, you can send a request to the tax office informing them that you are using cloud software hosted in the UK and request to have it remain there.

They will determine the risk level and either deny or grant your exemption. Exemptions aren’t the norm and are influenced heavily by politics and foreign relations.

Future implications for data localisation and international trade

In January 2019, the EU and 49 other members of the World Trade Organisation (WTO) began negotiations to place global rules on e-commerce.

These rules would optimise opportunities within international trade and eliminate the challenges of navigating the patchwork of legislation.

Cecilia Malmström, the EU Commissioner for Trade, told the European Commission: “It is encouraging to see so many partners joining this important trade initiative.

“Electronic commerce is a reality in most corners of the world, so we owe it to our citizens and companies to provide a predictable, effective and safe online environment for trade.

“We look forward to working with all interested WTO members, flexibly and pragmatically, to create a truly comprehensive and ambitious set of rules.”

These negotiations—formally known as the Joint State Initiative on Electronic Commerce—are the participating members alerting the WTO that data localisation is a barrier to trade and the initial phase of the ultimate recommendation to update the somewhat dated rules of WTO trade for electronic commerce and cross-border data flows.

These negotiations can take decades but if agreed upon, citizens and organisations can engage and trade globally with less friction, creating a faster pathway to profit.

One of the significant concerns that governments have is that the rules may cede control of local data, which could encourage organisations operating in jurisdictions outside of their primary base to shield things that could be unlawful or even illegal and which the governments have no way of proving.

Steps to take now

If you’re looking to trade internationally, data localisation can be broken down into four steps:

• Investigate local data legislation laws as part of your due diligence. Confirm if the market you are entering requires data localisation.
• Analyse how this legislation will impact your operations processes. What will these requirements mean for how you interact with your customers? How will this impact your workflows?
• Invest in a legal expert to help you mitigate risks and non-compliance. This person should be certified within the jurisdiction you are entering. Their knowledge of the legislation can help you avoid unnecessary pitfalls.
• Embed procedures to meet data localisation compliance needed to both reduce costs but also take advantage of any opportunities that may arise.

Investing in a legal adviser to help you navigate through the data localisation components of international trade is critical. Having this role filled will save you time from the onset.

Another wise preliminary investment is in trade-enabling tools that allow you to easily keep up with legislation in multiple jurisdictions from one central place.

Sage partnered with YouGov to research current and planned activity in trade. The results show that of the 12 countries surveyed, 37% use an ecommerce tool to facilitate international trade and 33% use a cloud-based tool.

Meanwhile, 38% see smart technology as the future for dealing with international trade.

Making this investment early on will prepare your organisation for the new ways you can use smart data for better business.