GDPR : the commercial advantage of ESN & ICT offering a sovereign cloud

Are you one of the ESN & ICT companies offering a sovereign cloud? This article is for you.

 The principle of the sovereign cloud and the expectations of the French market

Lately, issues surrounding the Sovereign Cloud have been of increasing concern to governments and businesses worldwide. It goes without saying that more and more data is being stored and processed in the cloud. As a result, data sovereignty is becoming paramount.

In France, data sovereignty is a major concern. Indeed, the French market is increasingly demanding sovereign cloud solutions. 

✅ So vereign Cloud: Sovereign Cloud can be defined as an online infrastructure, known as a cloud, managed and controlled by a country, or even a government entity.

The objective behind the Sovereign Cloud concept is toensure the security of sensitive data, so that it is hosted in the same territory, rather than being stored abroad. 

✅ The French market: in France, the concept of data sovereignty is considered to be of paramount importance, for a number of reasons.

• First and foremost, French companies are willing and eager to protect their personal data against the risks of cyber-attacks.

• Secondly, in addition to willingness, there is the interest of protecting personal data and this in accordance with current regulations such as the GDPR.

That's why the French market is waiting for this concept of personal data sovereignty. While companies are opting for the technical and functional advantages of cloud computing, they are also seeking to maintain control over the personal data they process.

✅ Study quali : NumeumNumeum, a professional organization in the digital ecosystem, surveyed its members via a questionnaire, to gain a better understanding of the importance of personal data sovereignty .

The main results of this survey showed that half of the members who responded to the questionnaire are confronted with confidence requirements in their clients' calls for tender.

It should be pointed out that this percentage rises to 60% when it comes to healthcare clients , given that they process personal data considered sensitive by the CNIL (National Commission for Information Technology and Civil Liberties). 

What's more, 70% of respondents said that it is mandatory for Europe, and France in particular, to impose mandatory use of Cloud providers that are French, or at the very least, European.

✅ Constraints: It should be noted that setting up an infrastructure for personal data sovereignty, poses various challenges.

In other words, setting up data centers on a national scale involves colossal costs, and therefore very high levels of investment.

In addition, ensuring user confidence remains a key issue, making it essential to guarantee high levels of security and availability. This is one of the priorities to be taken into consideration when setting up national data centers. 

⭐ Increasing constraints and controls at European level

 L'ENISAthe European Union's cybersecurity agency, has recently drawn up a bill of law which concerns a European certification system to guarantee cloud cybersecurity. The latest bill also strengthens sovereignty requirements in terms of government and corporate data in the European Union. 

Better cybersecurity, but above all real sovereignty... 

Whatever the levels of confidentiality and security, the certification project requires that contracts be governed by the law of anEU country, and that only EU arbitration bodies have jurisdiction over contract-related disputes. 

In addition, Cloud providers are obliged to inform their clients of any risks that may be associated with them, and therefore to provide all the information requested by clients so that they can assess the risks themselves. 

Some European Cloud players are considered sovereign operators, including: OVH, Scaleway and Cloud Temple.

📋 Two case clients on healthcare data

 2 inserts: two cases of ESNs supported by Dieepo on their GDPR compliance.

🐼 EBS Group is a group of EBS(Entreprises de Services du Numérique) specialised in the integration of management and IT solutions for VSEs and SMEs. 

EBS Group has been awarded quality certification by Qualiopi , and supports its clients from auditing and installation through to maintenance of their IT infrastructures.

This involves securing and backing up all processed data. 

Through service, EBS Group handles digital data that needs to be protected, requiring full and scalable GDPR compliance.

🔐 Izzytech is a Digital Services Company (ESN) offering customized services thanks to a portfolio of consultants who are experts in their field. 

Izzytech smoothes the way for its clients by facilitating the match between their IT needs and the skills of its consultants.

This also requires, GDPR compliancecompliance, with a view to securing such processing and reassuring users, partners, clients and investors.