Data Protection and Privacy

Data protection is where many teams discover that a managed service is not the same thing as managed governance. Providers can offer encryption features, durable storage, and regional footprints, but the customer still decides what data belongs in the system, how sensitive it is, which keys and retention rules apply, where it may reside, and when it must be deleted.

This chapter organizes those decisions into a coherent data-governance layer. The lessons cover classification and sensitivity mapping, encryption at rest and in transit, backup and recovery obligations, and the privacy and residency choices that often remain entirely customer-owned. Together, they show that the most difficult data questions usually sit above the infrastructure layer even when the platform features themselves are strong.

Questions To Keep In View

• who decides the meaning, sensitivity, and lawful use of the data
• which controls are provider-enabled features versus customer-governed policies
• how recovery, retention, deletion, and residency decisions interact instead of being treated as separate projects

Read this chapter when a team assumes that a managed storage or database service automatically solves privacy, retention, or recovery ownership.

In this section

• Data Classification and Sensitivity Mapping
  Data classification and sensitivity mapping are foundational customer responsibilities because providers cannot decide what your data means.
• Encryption at Rest and in Transit
  Encryption at rest and in transit are classic examples of shared responsibility done badly when teams stop at the feature checkbox.
• Backup, Recovery, and Data Retention
  Backup, recovery, and data retention are among the most misunderstood areas of shared responsibility.
• Privacy, Residency, and Deletion Obligations
  Privacy, residency, and deletion obligations remain strongly customer-owned because they are tied to law, contract, and business accountability.