Ep 43: Who's got your data? Spoiler: Not you

In this episode of Masters of Data, we untangle the often-confused cousins of data sovereignty and data residency, because where your data lives and who actually controls it are two very different conversations. We dig into the real-world headaches facing multinational companies, from incident response teams locked out of sovereign data zones to the bureaucratic gymnastics that ensue when compliance meets practicality. We also take a hard look at the EU AI Act and what its upcoming enforcement means for organizations scrambling to govern AI responsibly, and why the next great hire might be a unicorn who speaks fluent legalese, app sec, and GRC all at once.
Who should listen: Security practitioners, GRC professionals, data engineers, CTOs, and anyone navigating cloud strategy across international borders, especially those who have ever muttered something unprintable at a compliance requirement.

0:00 Intro & Defining Data Sovereignty vs. Data Residency

4:47 Sovereignty as Citizenship: A New Analogy

6:47 Multinationals & the Challenge of Mixed Environments

9:03 Customer Contracts & Cross-Border Access Restrictions

11:17 How Sovereignty Breaks Incident Response

14:37 Bureaucratic Nightmares: OG Screen Sharing Story

17:17 Practitioners Should Write the Rules

21:30 Gap Between Policy Intent and Technical Implementation

25:07 EU AI Act: It's Actually Law — Fines & Personal Liability

27:27 GDPR Lessons & Removing Yourself from AI Training

29:47 The "AI VP" Unicorn Role Boards Need

36:17 Ireland, Labor Arbitrage & Data Following the Company

40:07 Could an AI Agent Solve Sovereign Zone Access?

41:17 David for UN AI Czar & Wrap-Up