GDPR for app developers as seen by former CTO of CBS

GDPR is only the beginning. Data protection laws impacting how developers manage customer data are exploding all over the globe. Recently, Turkey fined Facebook, Microsoft updated its Compliance Manager, and California prepared to implement its new privacy regulations.

As companies and app developers increasingly rely on a global customer base, combating this issue is a matter of survival.

Peter Yared, the former CTO of CBS, is the founder and CEO of InCountry, a Data-Residency-as-a-Service platform that recently raised $7M in funding to help developers manage data protection compliance in 50 countries globally. Its SDK can be installed with 10 lines of code and manages virtually every aspect of data compliance on the database side. Setting up database compliance by country happens with the click of a button. 

In a conversation with ADM, Peter dives even more deeply into how app developers need to approach new regulations in addition to being GDPR compliant when they are storing the data for their apps and build it right from the ground up to ensure they are protected from costly compliance snafus down the road.

ADM: Can you tell me more about the new laws expanding beyond GDPR regulation to control how developers store and process data?

Yared: GDPR is really just the tip of the iceberg, and covers profile data. The laws and regulations covering health, employee, payment, and transaction data are much more complex and are becoming increasingly stringent. Operating across countries is now a complicated matter. If a Chinese national purchases a plane ticket from a European airline, how do you treat and store the profile data, the payment data, and the transaction data?

ADM: Why are countries mandating that data be stored in their countries? Isn't that inefficient?

Yared: Indeed, it is technically inefficient to split a database up across numerous countries. However, it has proven to be legally inefficient for countries to enforce their data regulations when the data is not actually in their country. By passing data residency regulations and laws, countries are unequivocally defining the jurisdiction of their citizens’ data.

ADM: Why are there different regulations and law covering data processing and data storage?

Yared: It’s very complicated technology to replicate an application’s storage and processing stack into numerous countries. So for now, most regulations are mandating storage is in the country, which controls the legal jurisdiction of the data. However, some countries are mandating storage and processing. For example, the United Arab Emirates just mandated that all their citizen health data has to be stored and processed in-country.

ADM: Is this the end of the internet as we know it?

Yared: The internet as we know it in America is the same. However, I travel a lot, and over the past year, I could not access Wikipedia from Turkey, the Times of San Diego from the Czech Republic, Home Depot from Taiwan, or Southwest Airlines from London. So what’s happening is that each country is getting its own version of the Internet.

ADM: Are these regulations even enforced?

Yared: They are increasingly enforced. Russia threw LinkedIn out of the country because LinkedIn refused to store data locally. Amazon and Mastercard are investing billions into India to comply with their new data localization law.

ADM: Can't the large cloud providers solve this for us?

Yared: The large cloud providers together only give you access to 17 countries with a full processing and storage stack. They are adding more, but when they add a region it is a pretty heavyweight investment. And they don’t actually solve for data compliance, just compliance compatible features. There are a lot of PCI companies that store credit card information for other companies, and they make a lot more money than it costs to store 16 digits from a credit card.

ADM: What's the latency like to store and retrieve data in places like Vietnam and Indonesia?

Yared: The Internet may be splintering, but the connection speed between countries is just amazing. We are seeing sub-second latency to countries that were once considered the hinterlands of the internet, and this is just getting better as more and more fiber gets laid under water.

About Peter Yared

Peter Yared is the founder of InCountry, the first Data-Residency-as-a-Service platform for ensuring global compliance. Peter founded six enterprise software companies that were acquired by Sun, Citrix, VMware, Oracle, Sprinklr and Prograph. Previously, Peter was the CTO/CIO of CBS Interactive where he brought CBS into the cloud. At Sun, Peter was the CTO of the Liberty identity consortium that designed SAML 2.