Data Residency is suddenly important for Rewards and Loyalty programs but why so?

Data Residency

Many consumer brands and a wide range of B2B companies are successfully operating globally so why is data residency suddenly an issue?

In short, often under the guise of privacy and data protection or ‘national security, many Governments have realised the intrinsic power of ‘big data’ and the fact that much of it currently lies outside of their reach.  

For us as individuals, there is genuine concern regarding who is holding our data, how much, how securely, and exactly what is the holder doing with it? In the current climate, many of us might admit to considerable unease on learning that our data was being held in Russia or China. Similarly, the same may apply to individuals in those same countries with regard to data being held in the US or EU. 

The converse is true for Governments of a more nationalistic or paranoid persuasion who have a strong motivation to ensure they hold all the cards when it comes to their citizens data and how it is employed. While other more enlightened nations are sincerely concerned with the potential commercial or criminal abuse of personal data when Cybercrime is at an all-time high with an estimated $6 trillion of damage already caused in 2022. 

However, regardless of the motivation, where laws have been passed companies and organisations must comply to operate in such jurisdictions.

For example:

> China recently passed a data security law, with significant financial penalties for companies that violate its new cross-border data transfer rules, followed by a personal information protection law, China’s answer to the EU’s General Data Protection Regulation (GDPR). All of which took effect in 2021.

> Brazil’s own version of the EU and UK’s GDPR came into force in 2021. 

Data Residency Regulations

According to UNCTAD 71% of UN members have legislation in place to protect data and privacy while a further 9% are in the process of drafting legislation. Only 20% either have no legislation or currently have no opinion on the matter. For comparison when it comes to laws against Cybercrime 80% already have legislation and 5% are in the process. So, the two issues would appear to have similar importance for world Governments.

What is the impact on organisations operating rewards and loyalty programs?

Rewards or loyalty programs tend to hold databases containing details of the program members – which may be at a relatively simple or quite detailed level depending on the program.

Essentially, in any jurisdiction where data residency laws apply, data on individuals may need to be held locally and not permitted to reside on or be moved across servers in any other country. In effect, this data must be either held on local servers or use cloud providers that offer residency support or work with what are called residency-as-a-service providers.

Being prepared for Data Residency requirements

Data Residency legislation basically states where data can be stored, viewed, and processed.

While viewing (for example confirming someone’s delivery details for a shipment) and processing data (such as executing a credit card payment) it is the storage of the data that tends to be the most contentious area.

There are then three conditions for where each of these activities can take place:

Replicated – where all three activities can take place both inside and outside of the jurisdiction

Restricted – where only viewing and processing can take place regardless of jurisdiction with storage being restricted to within the jurisdiction

Redactedall three activities can only take place inside the jurisdiction.

Clearly in the last case servers and data storage can only reside inside the jurisdiction which inevitably creates a major challenge for any company with global ambitions, with potentially each operating jurisdiction requiring a different configuration.

Fortunately, as our world-leading digital rewards platform, has been built and developed on Salesforce, we can readily accommodate Data residency-as-a-service so our clients can configure their rewards and loyalty programs to comply with whatever the local jurisdiction requires. Without of course having to worry about what servers to deploy where.

It also helps to simplify growing a business by expanding into a new jurisdiction where differing regulations apply or responding quickly where new regulations are introduced into existing operating jurisdictions.
Data residency is clearly not going to go away and the landscape is likely to get more rather than less complicated for rewards and loyalty program operators, so maybe now is a good time to review your requirements.

At Reward the World™ it is in our DNA to try to anticipate the market challenges facing our clients and figure out new ways to help them respond. Data Residency is a classic case in point where we anticipated the emerging challenge and have proactively identified a solution – in this case, Data-residency-as-a-service. As Peter Drucker once declared, “Innovate or die” and we believe it is as true today as it was when he said it in 1999.

Data residency is one of those issues that can suddenly become an unexpected but major inhibitor to market growth.  Better to be prepared than caught unawares, so If you are interested in discussing your existing or upcoming data residency needs, please contact us now.