How to comply with data residency requirements with Fivetran

Learn key considerations in establishing data residency requirements.

Centralizing your data unlocks the possibility of new complex reporting and advanced analytic capabilities. New reporting insights drive decision-making that can keep your enterprise competitive. Centralizing data, however, especially in a cloud destination can require some additional thought and planning to keep your data safe. 

With data flowing globally from distributed teams, and a variety of sources to various different cloud data destinations, there is a growing need for data security, privacy, and residency to protect valuable business, customer and other sensitive data. Compliance regulations, such as the EU’s GDPR, India's Personal Data Protection Bill, and the California Consumer Privacy Act to name a few, are creating a new standard by which companies must protect user data. One of these requirements is data residency.

What is data residency? 

Data residency requirements ensure that citizen or resident data is only collected, stored and processed within the country of residence. Drivers for data residency include tax implications for your business based on where your data is stored, a consumer push to have better control over how and where their personal and sensitive data is being processed and used, and company policies for data protection and handling. Data residency, also referred to as data sovereignty, ensures that citizen and resident data is being stored and handled in accordance with the local and regional jurisdiction.

Growing data distribution, diversity and dynamism can make managing data residency a shared headache across data, IT and security teams. 

Data residency vs. sovereignty vs. localization

While data residency, data sovereignty and data localization are often used interchangeably, there are nuances and specifics behind them that are helpful to understand as you build your data compliance strategy. 

  • Data residency usually applies to the geography where data is stored for tax or regulation compliance.
  • Data sovereignty refers to the laws that apply to the data based on the country where the data is held.
  • Data localization laws legally require that some data must be kept where it was generated or created.

As you move your data around, you’ll need to ensure you understand where the data came from and what policies and regulations are applicable. 

Evolving complexity of the data residency landscape

Gartner predicts over 85 percent of organizations will embrace cloud-first by 2025 and will not be able to fully execute their digital strategies without the use of cloud-native architectures and technologies. Going cloud-native indicates being reliant on cloud infrastructure for executing all business critical workloads. The same report shows that more than 95 percent of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.

Over the next few years, industry analysts also estimate cloud revenue will surpass non-cloud revenue for relevant enterprise IT markets. Consider that global cloud revenue is forecasted to be $474 billion this year, an increase of 16.1 percent over 2021.

As companies move to the cloud, they must maintain control over where their data is processed. Regulations like GDPR are forcing companies to look closely at data residency and make decisions to ensure they remain compliant. It is paramount for organizations to incorporate the demands of this fast-evolving privacy landscape into their business’ data strategy. 

Organizations need to take compliance requirements and laws into consideration while choosing any software provider. This will directly impact how businesses are compliant with ever-changing data residency and data sovereignty laws at present and might also influence their ability to do business in certain geographies or countries in the future. We have already seen this with the decline of companies selling to the EU post-GDPR

Key considerations in establishing data residency requirements

As you build out your global data handling strategy, your team will want to consider the following questions: 

  • Do I know where this data originates from? 
  • Can I restrict/control where data is stored? 
  • What global or industry policies apply to my data worldwide? 
  • Do we require a multi-cloud strategy to handle geo-diverse data? 

How Fivetran supports data residency requirements

Data residency regulations determine where your data and metadata are processed and/or stored. Fivetran can help you comply with such requirements while ensuring you have easy access to the data you need in a safe and secure manner.

All Fivetran customers have control over the geographic location where their data is processed. Customers on some plans can additionally choose their specific cloud provider and cloud region to meet more stringent requirements. Fivetran today supports customers who need to maintain data residency in the US, Canada, UK, EU, Australia, India and Singapore. The data residency location is configurable per destination as well, so customers who operate globally can, for example, choose to keep EU data completely separate and within EU borders, while doing the same for their US data. 

For companies that are subject to more specific regional data handling requirements, our Business Critical Plan allows users to select the specific region their Fivetran infrastructure runs in. For example, a company can choose to run on AWS in Ireland on eu-west-1 (Dublin). Not only does this support data residency needs but global multi-cloud use cases as well. 

It’s important to ensure that data in movement remains protected when moving across different services in the cloud. We encrypt data both at rest and in-flight to keep data secure. To strengthen these controls further, Fivetran offers capabilities around hashing and universal column masking. If your company needs to generate global sales analytics, you can block or hash sensitive data columns that should not leave its territory before consolidating data into a single report that is generated in another location. This is critical as certain datasets require enhanced protection to mitigate risks of data breach and inappropriate access.

Download this whitepaper to learn more about Fivetran's security framework and program.

Whitepaper: Fivetran’s security framework and program


Start for free

Join the thousands of companies using Fivetran to centralize and transform their data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.