Click to learn more about author Victor DeMarines.

Data is the heartbeat that determines the success or failure of software. It pinpoints patterns of usage and enables developers to fine-tune or make wholesale changes to a product.

But data isn’t a restriction-free asset. With GDPR and other data privacy and protection regulations tightly governing the use of customer information, software vendors need to assume full responsibility for how they manage and store information. Companies that develop software for the finance and healthcare industries or government agencies also need to ensure their data houses are in order, or they otherwise risk courting hefty fines for non-compliance.

The abundance of regulations and possibility of even more compliance standards in the U.S. should compel software vendors to think more expansively about data ownership. Software companies gather all sorts of data from their customers. By collecting that information with a product usage analytics solution, vendors capture detailed insights that reveal how customers use their software. That enables developers, support teams, and sales to cater to clients’ particular needs. While many vendors only collect anonymous usage data, those collecting personal information have a higher standard of care to meet to ensure that customers (and regulators) recognize that data is handled properly and kept securely.

A relatively new wave of government regulations requires them to ensure that data is used, managed and stored with meticulous care and for legitimate need. Without doubt, the European Union General Data Protection Regulation (GDPR) is the most sweeping and stringent compliance mechanism. Taking effect in 2018, GDPR protects not only all E.U. citizens’ data but similarly safeguards the data of anyone or any entity in the world that does business in the E.U. Companies have to inform consumers when their data is hacked and must easily allow consumers to see and choose how their data is processed.

Companies that fail to build privacy into their Data Management practices or don’t notify customers of a breach can face fines ranging from €10 million Euros to two percent of their annual global turnover. The U.S. has yet to enact regulations on the scale of the E.U., but many companies didn’t wait because a share of their business inevitably leads to Europe. Not to mention, American consumers expect U.S.-based companies to behave as if a form of GDPR compliance already existed here. They might not have to wait long. Some U.S. lawmakers have indicated that day might come soon, a cause for software companies to take data protection seriously right now.

That’s why it’s critical for companies to have a strong grasp of how they manage and store customer data. When a company can visibly connect the dots of how it handles data, it demonstrates that it can be trusted with this responsibility.

Still, data ownership can get confusing when more than one party is involved, such as when a software vendor collects data with a third-party usage analytics solution. Software vendors rely on a wide array of third-party services, and with this ingrained complexity, they can’t risk running afoul of regulatory expectations because of a third party’s carelessness, disregard for data, or simple inability to be a good data steward.

To make data ownership more straightforward, software companies should consider running their data and applications through a private cloud or on-premises solution. While a multi-tenant solution has many advantages – including customization, flexibility, scalability, and easy upgrades– data is stored with other users’ data on the same servers. A single tenant offering – either a private cloud or on-premise solution – isolates data. Isolation is essential if your company wants to connect all of its data dots, a level of visibility that safeguards customer information and follows compliance protocols.

Beyond data privacy and protection, also consider that some multi-tenant hosted solutions don’t automatically keep all collected data because they have retention limits to save on costs. This may preclude vendors from having longer historical views of customers as well as the ability to ask deeper questions at the most granular user levels. And in some multi-tenant environments, where storage is sought to be optimized, the data collection is processed, keeping vendors from analyzing the underlying raw data. A single tenant solution, however, enables software vendors to collect and store raw data without the same limitations. Companies undoubtedly want to collect every single data point so they can better understand usage, which leads to insights on the success and failures of development. Lastly, a private cloud or on-premises solution typically has stronger security protocols, which gets right to the heart of the promise of data ownership and transparency.

Indeed, with clarity of the data ownership chain, software companies can attest to the provenance of data. They will understand what data they have and how long they have possessed it. This insight informs all Data Management processes and effectively sharpens a company’s ability to follow regulations.

An accounting of Data Stewardship is now a necessary undertaking if software companies want to prove they can be entrusted with customers’ sensitive information. With data being the “oil” of tech and business, software companies need to wear a white hat.