Data has been increasing in value for years and there have been many instances when it has been misused or stolen, so it is no surprise that regulators are increasingly focused on it. Shortly, global data regulation is likely to continue to grow, affecting nearly every industry as a result.

There is, however, a particular type of regulation affecting the payments industry, the "cash-free society," known as data localization. This type of regulation increases the costs and compliance investments related to infrastructure and compliance. 

There is a growing array of overlapping (and at times confusing) regulations on data privacy, protection, and localization emerging across a host of countries and regions around the globe, which is placing pressure on the strategy of winning through scale.

As a result of these regulations, companies are being forced to change their traditional uniform approach to data management: organizations that excelled at globalizing their operations must now think locally to remain competitive. 

As a result, their regional compliance costs increase because they have to invest time, energy, and managerial attention in understanding the unique characteristics of each regulatory jurisdiction in which they operate, resulting in higher compliance costs for their region. 

As difficult as it may sound, it is not an easy lift to cross geographical boundaries, but companies that find a way to do so will experience significant benefits — growth and increased market share — by being aware of local regulations while ensuring that their customer experiences are excellent, as well as utilizing the data sets they possess across the globe. 

Second, a trend has emerged regarding the use of data in generative artificial intelligence (GenAI) models, where the Biden administration's AI executive order, in conjunction with the EU's AI Act, is likely to have the greatest influence in the coming year.

The experts have indicated that enforcement of data protection laws will continue to be used more often in the future, affecting a wider range of companies, as well. In 2024, Troy Leach, chief strategy officer for the Cloud Security Alliance (CSA), believes that the time has come for companies to take a more analytical approach towards moving data into the cloud since they will be much more aware of where their data goes. 

The EU, Chinese, and US regulators put an exclamation point on data security regulations in 2023 with some severe fines. There were fines imposed by the Irish Data Protection Commission on Meta, the company behind Facebook, in May for violating localization regulations by transferring personal data about European users to the United States in violation of localization regulations. 

For violating Chinese privacy and data security regulations, Didi Global was fined over 8 billion yuan ($1.2 billion) in July by Chinese authorities for violating the country's privacy and data security laws. As Raghvendra Singh, the head of Tata Consultancy Services' cybersecurity arm, TCS Cybersecurity, points out, the regulatory landscape is becoming more complex, especially as the age of cloud computing grows. He believes that most governments across the world are either currently defining their data privacy and protection policies or are going to the next level if they have already done so," he states.

Within a country, data localization provisions restrict how data is stored, processed, and/or transferred. Generally, the restriction on storage and processing data is absolute, and a company is required to store and process data locally. 

However, transfer restrictions tend to be conditional. These laws are usually based on the belief that data cannot be transferred outside the borders of the country unless certain conditions are met. However, at their most extreme, data localization provisions may require very strict data processing, storing, and accessing procedures only to be performed within a country where data itself cannot be exported. 

Data storage, processing, and/or transfers within a company must be done locally. However, this mandate conflicts with the underlying architecture of the Internet, where caching and load balancing are often system-independent and are often borderless. This is especially problematic for those who are in the payments industry. 

After all, any single transaction involves multiple parties, involving data moving in different directions, often from one country to another (for instance, a U.S. MasterCard holder who pays for her hotel stay in Beijing with her American MasterCard). 

Business is growing worldwide and moving towards centralizing data and related systems, so the restriction of data localization requires investments in local infrastructure to provide storage and processing solutions. 

The operating architecture of businesses, business plans, and hopes for future expansion can be disrupted or made more difficult and expensive, or at least more costly, as a result of these disruptions. AI Concerns Lead to a Shift in The Landscape The technology of the cloud is responsible for the localization of data, however, what will have a major impact on businesses and how they handle data in the coming year is the fast adoption of artificial intelligence services and the government's attempts to regulate the introduction of this new technology. 

Leach believes that as companies become more concerned about being left behind in the innovation landscape, they may not perform sufficient due diligence, which may lead to failure. The GenAI model is a technology that organizations can use to protect their data, using a private instance within the cloud, he adds, but the data in the cloud will remain encrypted, he adds.