As more and more global companies migrate to the cloud and leverage cloud-based tech stacks, certain countries have created data residency requirements. In some circles, this is called data localization. The main driver is a concept of data sovereignty such that the data is subject to local privacy laws and improved security. Amazon posted a data position paper that is also an interesting read. Below is a list of countries and types of data that need to be resident in the respective country:
- Argentina – limited data transfers
- Australia – health records
- Brazil – limited data transfers
- Canada in Nova Scotia and British Columbia – public service providers: all personal data
- Colombia – limited data transfers
- China – personal, business, and financial data
- Germany – telecommunications metadata
- EU – larger barriers to transfer data across borders
- India – personal data but similar to the GDPR terminology
- Indonesia – public services companies must maintain data centers in the country
- Iran – details are thin
- Kazakhstan – servers running on the country domain (.kz)
- New Zealand – sector specific
- Nigeria – all government data
- Peru – limited data transfers
- Russia – all personal data
- South Korea – geospatial and map data
- Taiwan – sector(s) specific
- Turkey – sector(s) specific
- Uruguay – limited data transfers
- Venezuela – sector(s) specific
- Vietnam – service providers usage data
Azure and AWS Region Maps
Azure and AWS are the main cloud players. Below are region maps of their respective Global infrastructures.
Below is the data center map with blue dots being operational datacenters and outlined dots as announced data centers.
Below is the data center map with yellow dots being operational datacenters and green outlined dots as announced data centers.
As you can see, Microsoft and Amazon are building out global datacenters. Keep in mind though, just because a partner/provider is on Azure or AWS does not mean their service offering is globally distributed within those Azure/AWS global infrastructures. They could only have one node localized to that company and not in a distributed node architecture. These privacy regulations are changing daily. Contact us if you need help navigating this ever-changing landscape.