Scaling Services into the EU Requires a Database Strategy for Achieving GDPR Compliance
The GDPR (General Data Protection Regulation) sent companies scrambling to form a plan for achieving compliance. Since the inception of GDPR, other data storage regulations have appeared in Asia, South America, and even California. At this point, there are over 120 countries with their own data regulations.
This guide covers strategies for companies to scale their services into the EU while enabling GDPR compliance, particularly with regard to the database.
- What is GDPR?
- Which rights does GDPR provide for my users?
- How can my database support GDPR compliance?
- How can I set up CockroachDB to support GDPR compliance?
Data Storage Regulations Are Proliferating
In addition to achieving compliance with GDPR, companies need to consider whether their current database infrastructure is flexible enough to comply with the unique storage regulations that are popping up all over the globe - not to mention the likelihood that the GDPR will become stricter in the future. At some point your business will need an architecture that can adapt to evolving regulations, wherever you do business.
Most data sovereignty laws specifically require that data be stored locally. With any monolithic database architecture (this includes virtually every mainstream, traditional vendor from Oracle and SQL Server to MySQL and Postgres), this means companies need to run a version of their business or service in each region with strict data domiciling regulations.
This is an expensive way to operate, because the costs of each regional deployment cannot achieve economies of scale. Technically, it often requires application-level balancing of database connections and gives up transactionality across the siloed services, and the complexity accumulates with every region added. Companies will have to weigh that cost against the market opportunity and make a decision. Or they can consider updating their architecture to a cloud-native, distributed database.
CockroachDB’s Distributed Architecture Enables Data Regulation Compliance
With a globally spanning CockroachDB cluster, companies can pin user data to a particular country/region using geo-partitioning. Pinning the data has the added (and not insignificant!) virtue of decreasing the latency users experience.
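A sketch of the geo-partitioning described above, as an added example rather than code from this guide or from Cockroach Labs. The `users` table, its columns, the country codes and the `eu-west-1` region label are assumptions; the label must match the `--locality` value the EU nodes were started with.

```sql
-- Added example. Table, columns, country list and region label are assumptions.
-- Assumes the EU nodes were started with --locality=region=eu-west-1.

-- The partitioning column must be a prefix of the primary key.
CREATE TABLE users (
    country STRING NOT NULL,
    id      UUID   NOT NULL DEFAULT gen_random_uuid(),
    email   STRING NOT NULL,
    name    STRING,
    PRIMARY KEY (country, id)
) PARTITION BY LIST (country) (
    PARTITION eu    VALUES IN ('DE', 'FR', 'IE'),
    PARTITION other VALUES IN (DEFAULT)
);

-- Require every replica of the EU partition to live on EU nodes.
ALTER PARTITION eu OF TABLE users
    CONFIGURE ZONE USING constraints = '[+region=eu-west-1]';

-- A secondary index stores its own copy of the indexed columns, so it
-- must be partitioned and pinned as well; otherwise email values of EU
-- users can be replicated to nodes outside the region.
CREATE INDEX users_email_idx ON users (country, email)
    PARTITION BY LIST (country) (
        PARTITION eu    VALUES IN ('DE', 'FR', 'IE'),
        PARTITION other VALUES IN (DEFAULT)
    );

ALTER PARTITION eu OF INDEX users@users_email_idx
    CONFIGURE ZONE USING constraints = '[+region=eu-west-1]';

-- Check: list each partition of the table and its indexes together
-- with the zone configuration that applies to it.
SHOW PARTITIONS FROM TABLE users;
```

Any index added later needs the same partitioning and zone constraint, so the `SHOW PARTITIONS` check is worth repeating after every schema change.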
Additionally, CockroachDB is cloud-neutral. This means that companies can avoid being locked into one specific cloud provider. The promise of the global cloud encompasses more than trading your current deployment environment for the AWS monoculture. The reality for most businesses is to build a bridge to a cloud-first future via a hybrid embrace of the public cloud. Once there, the flexibility to use a combination of providers will be the key to the agile adjustments required by the data protection laws of the future.