Salesforce is extending its Hyperforce data sovereignty offering to the European Union (EU), but Brexit Britain won’t be part of the program until next year despite being the firm’s second largest market outside of the US.
Hyperforce was announced last year as a “re-imagination of the company’s platform architecture” that allowed for local data storage with the initial pitch stating:
Through Hyperforce, customers around the world can choose to store data in a particular location to support compliance with regulations specific to their company, industry and region.
The new offering is being rolled out around the world on a phased basis.
Today Salesforce announced via a blog post from Lindsey Finch, EVP of Privacy and Product Legal, that the EU is now scheduled to be part of the rollout from the end of 2022, although it appears that France and Germany, both of which have received large inward infrastructure investments from Salesforce in recent years, will be live by the end of 2021. Finch says:
The Hyperforce EU Operating Zone will enable our commercial and public sector customers to process and store their data in the EU. This is an important building block for the trusted enterprise…The Hyperforce EU Operating Zone offers our commercial and public sector customers the opportunity to choose our new EU service offering and benefit from 24/7 support delivered by EU-based personnel.
Earlier this week, Salesforce Chief Operating Officer Bret Taylor previewed the announcement, saying:
With Hyperforce, we're bringing Customer 360 to over 15 regions around the world by the end of 2022 which means that our customers can have a single customer experience globally and meet data residency requirements, and meet compliance and privacy expectations of their customers globally. Truly a unique value proposition.
One new capability that we're adding to Hyperforce this year is the new EU operation. So this means that you can process and store all of your data within the European Union for your European customers. This is a major step forward and just a part of our philosophy on Customer 360 which is you can have a single customer experience, be a global company, even a multi-national and meet the ever-increasing and ever-more complex needs of your customers globally.
Hyperforce will be alive by nine countries by the end of this year, and 16 total countries by the end of next year. It's currently live in India, Australia, Canada, Japan and we'll be live in Singapore, Brazil, Germany, France, by the end of this year.
The regions coming after that are the UK, Korea, Italy, Sweden, Indonesia, United Arab Emirates, and Switzerland. So you can just see the pace of deployment here. Especially for multi-national companies, where meeting the local requirements of your customers is increasingly complex, with Customer 360 you can have one customer experience and meet all those requirements locally. So it's an incredible capability of our platform and something for both customers in the EU, but particularly customers are operating multi-nationals, dealing with the proliferation of these expectations. I think it's a really major step forward for our customers.
Wither Brexit Britain?
What is interesting is that the UK appears to be essentially in the second tier of the roll out whereas France and Germany, two other European region countries where Salesforce has a considerable physical presence, have taken precedence. Until Brexit occurred in January this year, the UK was part of the EU data protection regime, including adherence to all the strictures of GDPR (General Data Protection Regulation). GDPR is seen as a good thing by Salesforce and CEO Marc Benioff has long pushed for a US equivalent at federal government level.
The EU and the UK reached a crucial data adequacy agreement in the summer, but with scarcely concealed threats and caveats from Brussels that if the British tried to go their own way on modifying GDPR compliance, all bets were off. Despite this, the Boris Johnson administration makes no secret of wanting to pull away from EU compliance here, with the former Secretary of State responsible for Digital, Oliver Dowden, saying:
There is a sweet spot for the UK whereby we hold onto many of the strengths of GDPR in terms of giving people security about their data, but there are obviously areas where I think we can make more progress. In our rule making, we can take a slightly less European approach, as set out in GDPR, by focusing more on the outcomes that we want to have and less on the burdens of the rules imposed on individual businesses.
Dowden was nuked in the latest political reshuffle in Westminster last week, but his successor, Nadine Dorries, is further to the right on the Euro-sceptic/Brexit-backing scale, so expect no retreat from the prospect of a confrontation with Brussels. Indeed, there’s now a formal consultation underway on amending - for which read, weakening - GDPR.
So, if the UK looks set to drift away from GDPR and introduce its own data regime, is that why Salesforce’s second largest non-US market and the largest in Europe - as opposed to EU - seems to have slipped down the line in terms of being able to offer its customers Hyperforce? The official party line from Salesforce is simply:
Hyperforce will be live in 9 countries by the end of 2021 and 16 total countries by the end of next year, including the UK.
Let’s state the obvious up front - the EU and the UK have a data adequacy agreement in place that both parties would be insane to throw away (although this is EU vs UK politics, so let’s take nothing entirely for granted). That being so, it’s unlikely that there would be a complete schism around data transfer. UK Salesforce customers also already have two in-country data centers to provide local hosting and it’s certainly the case that many other countries around the world need Hyperforce capabilities more urgently. If you’re a UK Salesforce customer, there isn’t a crisis around data protection or data integrity on the table any time soon. So, there is nothing to panic about, OK? All clear? (Unless Nadine Dorries counts as a crisis, but that’s another matter…)
Nonetheless, from a political and strategic PoV, France and Germany - where Salesforce, as noted, has made significant European investments - are now going ahead of the UK, the second biggest Salesforce market, here. I asked Salesforce whether the UK’s now seemingly equivocal stance on EU data protection compliance had played any part in determining the timetable rolled out by Bret Taylor earlier this week. That question was not directly answered, so you will have to make your own mind up on that one.
From my personal perspective, if I were the latest ephemeral occupant of the big chair in the UK’s Department of Digital, Culture, Media and Sport, I might just want to consider what the impact of playing ‘I dare you’ with Brussels over data protection might ultimately be in terms of confidence in Brexit Britain.