Location of data storage and processing

First version: 2022-09-22

Last updated: 2023-10-26

Last change: Addition of screenshot; alert at the bottom of the article.

Approval: 2023-10-26

Classification: Low

Please contact us if you want to receive a copy of (an) earlier version(s).

Data storage and processing

From a technical point of view, a Workspace exists in the context of a specific Azure Subscription. By design all Workspaces inherit the location where the data is stored and processed from this Azure Subscription; the decision is made by the Tenant. The list of possible locations is defined and determined by Microsoft and what is needed for myDRE Workspaces.

The location where data is stored and processed can be found in the Details tab of every Workspace.

Regardless in which region the data is stored and processed, the following applies for the time being:

1. It is only possible to do Workspace to Workspace transfers within the same region.
   
1. It is not possible to do Workspace to Workspace transfers between regions.
   
2. Ingress and egress of data will go encrypted through the core of myDRE which resides in region West Europe

Due to technical limitation outside anDREa control, data ingress and egress through direct endpoints (i.e. opening ports and domain whitelisting) is not controlled by myDRE services. Whether or not encryption is used depends on the application and services used from within the VM. Setting up the connection can only take place from within a VM.

See also:

1. myDRE Highlevel Architecture
   
2. Multi-Region Implementation

• Related Articles

• Data Protection policy

  First version: 2021-05-13 Last updated: 2023-10-25 Last change(s): Added links to GDPR compliance assessment, Data Handling policy, GDPR Article 5; Modified contact information; Substituted Azure DRE for myDRE; Formatting. Approval: 2023-10-26 ...

• Data Landing Zone (DLZ)

  version: 2022-06-09 update: 2024-04-04 Introduction The Data Landing Zone (DLZ) API is a public API that allows to safely push data to specific myDRE Workspace. Data transfer authentication and authorisation is managed by two API keys: Subscription ...

• Data - ownership, responsibility, and control

  Ownership of data can be a tricky question when it comes down to personal data or data of persons. For instance, it is not unlikely that it depends on what subsection of Article 6 was used. By design, myDRE is a pragmatic and solid answer to a, ...

• Data Protection Impact Assessment (DPIA)

  First version: 2021-05-13 Last updated: 2024-03-07 Last change: Added link to NEN-7510 article. Introduction anDREa is committed to the GDPR. The purpose of this document is to describe anDREa’s Data Protection Impact Assessment (DPIA). The template ...

• Does anDREa have access to the data in a Workspace?

  Created: 2021-10-24 Last update: 2023-01-23 myDRE is designed and regularly evaluated on the objective that and only that authorized people and services can have access to the data in a Workspace. "that and only that" implies that both authorized ...