---
title: "Who’s got your data? Spoiler: Not you"
page_name: "Who’s got your data? Spoiler: Not you"
type: "resource"
slug: "ep-43-whos-got-your-data-spoiler-not-you"
published_at: "2026-05-19"
modified_at: "2026-06-16"
url: "https://www.sumologic.com/podcast/ep-43-whos-got-your-data-spoiler-not-you"
canonical: "https://www.sumologic.com/podcast/ep-43-whos-got-your-data-spoiler-not-you"
markdown_url: "https://www.sumologic.com/podcast/ep-43-whos-got-your-data-spoiler-not-you.md"
lang: "en"
excerpt: "In this episode of Masters of Data, we untangle the often-confused cousins of data sovereignty and data residency, because where your data lives and who actually controls it are two very different conversations. We dig into the real-world headaches facing..."
taxonomy_resource_type:
  - "Podcast"
taxonomy_resource_solution:
  - "SecOps and Security"
---

[ All Podcasts ](https://www.sumologic.com/resources?_resource_type=podcast)# Who’s got your data? Spoiler: Not you

### Adam White

Sr. Director, Technical Marketing

### David Girvin

Lead Technical Advocate

### Zoe Hawkins

Director, Content Marketing

Speakers

In this episode of Masters of Data, we untangle the often-confused cousins of data sovereignty and data residency, because where your data lives and who actually controls it are two very different conversations. We dig into the real-world headaches facing multinational companies, from incident response teams locked out of sovereign data zones to the bureaucratic gymnastics that ensue when compliance meets practicality. We also take a hard look at the EU AI Act and what its upcoming enforcement means for organizations scrambling to govern AI responsibly, and why the next great hire might be a unicorn who speaks fluent legalese, app sec, and GRC all at once. Who should listen: Security practitioners, GRC professionals, data engineers, CTOs, and anyone navigating cloud strategy across international borders, especially those who have ever muttered something unprintable at a compliance requirement.

0:00 Intro &amp; Defining Data Sovereignty vs. Data Residency

4:47 Sovereignty as Citizenship: A New Analogy

6:47 Multinationals &amp; the Challenge of Mixed Environments

9:03 Customer Contracts &amp; Cross-Border Access Restrictions

11:17 How Sovereignty Breaks Incident Response

14:37 Bureaucratic Nightmares: OG Screen Sharing Story

17:17 Practitioners Should Write the Rules 21:30 Gap Between Policy Intent and Technical Implementation

25:07 EU AI Act: It’s Actually Law — Fines &amp; Personal Liability

27:27 GDPR Lessons &amp; Removing Yourself from AI Training

29:47 The “AI VP” Unicorn Role Boards Need

36:17 Ireland, Labor Arbitrage &amp; Data Following the Company

40:07 Could an AI Agent Solve Sovereign Zone Access?

41:17 David for UN AI Czar &amp; Wrap-Up

More Podcast

Explore More!

Explore more Sumo Logic Podcast

[Podcast

SIEMply SIEM: Getting set up without buyer’s remorse

 ](https://www.sumologic.com/podcast/siemply-siem-getting-set-up-without-buyers-remorse)[Podcast

Stop building security dashboards nobody reads

 ](https://www.sumologic.com/podcast/stop-building-security-dashboards-nobody-reads)[Podcast

I think, therefore I am: Metacognition and AI](https://www.sumologic.com/podcast/ep-46-i-think-therefore-i-am-metacognition-ai)

[AI Instructions](https://www.sumologic.com/ai-instructions.md)