<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=229461991482875&amp;ev=PageView&amp;noscript=1">

Data privacy and security is rarely out of the news at the moment. If it’s not the latest Facebook data scandal, it’s companies like Marriott and British Airways falling foul of the GDPR and facing severe financial penalties.

The majority of countries and territories have put legislation in place with the aim of protecting personal data and holding companies accountable for its safekeeping.

Central to this legislation is the concept of Data Sovereignty.

What is Data Sovereignty?

Data Sovereignty refers to the concept that data should be subject to the laws of the nation or territory where it is collected.

By crystallising this principle into law, governments have aimed to better protect their residents’ data and have also presented a new range of challenges to businesses obliged to store and use that data.

In particular, the increased prevalence of cloud computing has meant a greater focus on where data is stored and processed.

Companies such as Gatekeeper, which uses the cloud to store its customers’ contract and vendor data, are obliged to make sure that customers’ specific data sovereignty requirements can be met.

Data Sovereignty and the Cloud

Cloud computing has had a transformative effect on businesses’ ability to scale and to store vast amounts of data at comparatively low cost.

It’s at the heart of near-enough every large technology business today.

While the benefits of the cloud to the end-user are being able to access software and data from anywhere with an internet connection, the hardware behind the cloud takes the form of physical data-centres, often in remote locations.

It’s the location of these data-centres that is crucial when it comes to meeting data sovereignty requirements, whilst working with cloud solutions.

Companies that have only one global “instance” of their cloud solution may struggle to meet the data sovereignty requirements of potential international customers.

In turn, those potential customers need to fully understand the legislation that they’re working under and then look to find a suitable, compliant solution with which to trust their data.

Data Sovereignty and Contract Management

Contracts contain a wealth of personal and confidential information, which place them right in the firing line for data privacy legislation.

Managing contracts in a way that’s in line with that legislation is a key responsibility for internal legal teams and any other parties responsible.

Assuming a business uses, or intends to use a cloud-based contract management system, these are some of the key areas for consideration:

  1. Where, geographically, does the CMS intend to host your contract data? Some companies, like Gatekeeper, offer you a choice of global locations to make sure that your data can be stored in an appropriate and legally-compliant location. Others simply offer one location and that may not be compatible with your specific legislation.

    The consequences for breaching this legislation can be extremely significant as well, as we’ve seen with both Marriott and BA earlier.

  2. Within the Contract Management System may be particular services or functions that require your contract data to be ported. If the system uses third parties for functions like OCR search, online document editing or electronic signature then this could result in your data being transferred between locations.

    It’s important to question whether this is the case and understand whether this is compliant with your local data legislation and internal policies.

  3. Consider their engineering team’s procedures and how that might impact on the location of your data. For example, if they’re developing new functionality relating to your version or indeed more generally, ask whether that could lead to your data being replicated into another global location.

  4. Disaster Recovery Plans are a vital component of any business’s operations. Consider how your prospective CLM partner intends to back your data up, whilst still respecting data sovereignty requirements.

    Will any back-ups still be within your chosen jurisdiction?

  5. Do they have any external certification for their claimed data security credentials? Look out specifically for ISO 27001 certifications, which is considered among the gold standards for information security management.

  6. In addition to looking for evidence of external certifications, it’s worth reviewing all their security documentation to ascertain whether information security is something that is taken seriously by your prospective partner.

    You can take a view on how closely it’s tied into their operations by looking at the information they’re prepared to share and publish on the subject.


Data sovereignty is a key pillar of data security and one that has to be addressed when it comes to contract management.

The information contained within your business’s contracts must be kept confidential and stored according to relevant local and international legislation.

Gatekeeper offers a choice of global locations to make sure that your data can be kept in compliant fashion. You can choose from five global instances:

Screenshot 2022-01-25 at 09.40.02Gatekeeper's four global instances, covering the US, APAC and Europe

Not only that, Gatekeeper is ISO 27001 certified and regularly commissions independent penetration testing to make sure that our systems remain entirely secure for our customers.

To find out more about how Gatekeeper can support your information security requirements, and work within your business’s data sovereignty constraints, please contact us today.

Ian Bryce
Ian Bryce

Ian writes on a variety of topics, bringing together his own knowledge and experience with that of industry experts.


Contract Management , Control , Compliance , Vendor Management , Contract Lifecycle Management , Contract Management Software , Visibility , Contract Lifecycle , Supplier Management , Case Study , Contract Risk Management , Vendor Management Software , Contract Management Strategy , Contract Repository , Risk Mitigation , Contract Automation , Workflows , CLM , Contract Ownership , Contract Visibility , Contracts , Supplier Performance , Supplier Risk , Contract and vendor management , Legal , Legal Ops , Podcast , Risk , Third Party Risk Management , Vendor Onboarding , contract renewals , Gatekeeper Guides , Procurement Reimagined , RFP , Supplier Relationships , TPRM , Business continuity , CLM solutions , COVID-19 , Contract Managers , Contract Performance , Contract Redlining , Contract Review , Contract Risk , Contract compliance , ESG , Metadata , Negotiation , Procurement , Procurement Strategy , SaaS , Supplier Management Software , Vendor Portal , Vendor risk , webinar , Artificial Intelligence , Clause Library , Contract Administration , Contract Approvals , Contract Management Plans , ESG Compliance , Future of Procurement , Kanban , RBAC , Recession Planning , Regulation , Regulatory compliance , SOC Reports , Security , Sustainable Procurement , collaboration , AI , Audit preparedness , Audit readiness , Audits , Business Case , Clause Template , Contract Breach , Contract Governance , Contract Management Audit , Contract Management Automation , Contract Monitoring , Contract Obligations , Contract Outcomes , Contract Templates , Contract Tracking , Contract Value , Dashboards , Data Fragmentation , Due Diligence , Employee Portal , Excel , FCA , ISO Certification , KPIs , Legal automation , LegalTech , Market IQ , NetSuite , Obligations Management , Procurement Planning , Redline , Scaling Business , Spend Analysis , Standard Contractual Clauses , Suppler Management Software , Touchless Contracts , Vendor risk management , central repository , success hours , time-to-contract , Australia , BCP , Breach of Contract , Brexit , Business Growth , CCPA , CMS , CPRA 2020 , CSR , Categorisation , Centralisation , Certifications , Cloud , Conferences , Confidentiality , Contract Ambiguity , Contract Analysis , Contract Approval , Contract Attributes , Contract Challenges , Contract Change Management , Contract Community , Contract Disengagement , Contract Disputes , Contract Drafting , Contract Economics , Contract Execution , Contract Management Features , Contract Management Optimisation , Contract Management pain points , Contract Negotiation , Contract Obscurity , Contract Reminder Software , Contract Reporting , Contract Routing , Contract Stratification , Contract Termination , Contract Volatility , Contract relevance , Contract relevance review , Contracting Standards , Contracting Standards Review , Cyber health , DPW , Data Privacy , Data Sovereignty , Definitions , Digital Transformation , Disputes , EU , Electronic Signatures , Enterprise , Enterprise Contract Management , Financial Services , Financial Stability , Force Majeure , GDPR , Gatekeeper , ISO , IT , Implementation , Integrations , Intergrations , Key Contracts , Measurement , Mergers and Acquisitions , Microsoft Word , Modern Slavery , NDA , Operations , Parallel Approvals , Partnerships , Pharma , Planning , Port Agency , Pricing , RAG Status , Redlining , Redlining solutions , Requirements , SaaStock , Shipping , Spend optimzation , Startups , SuiteApp , SuiteWorld , Supplier Cataloguing , Technology , Usability , Vendor Governance , Vendor Relationship Management , Voice of the CEO , automation , concentration risk , contract management processes , contract reminders , document automation , eSign , esignature , post-signature , remote working , vendor centric

Related Content


subscribe to our newsletter


Sign up today to receive the latest GateKeeper content in your inbox.

Subscribe to Email Updates