Dr. Rick Goud: 1 in 3 Firms Hit with Data Sovereignty Incidents Artwork

Kitecast

Kitecast features interviews with security, IT, compliance, and risk management leaders and influencers, highlighting best practices, trends, and strategic analysis and insights.

All Episodes

Kitecast

Dr. Rick Goud: 1 in 3 Firms Hit with Data Sovereignty Incidents

April 23, 2026 • Tim Freestone and Patrick Spencer • Season 4 • Episode 51

0:00 | 40:59

In this Kitecast episode, Patrick Spencer sits down with Rick Goud, Kiteworks' Field CTO and a recognized European data sovereignty expert, to unpack findings from the Kiteworks Data Security and Compliance Risk: 2026 Data Sovereignty Report. The central paradox jumps off the page: Roughly 80% of the 286 professionals surveyed across Canada, the Middle East, and Europe feel well informed about sovereignty requirements, yet one in three experienced a sovereignty-related incident in the past 12 months. Rick pushes back on the "well informed" number, arguing that most stakeholders rely on a narrow definition — equating sovereignty with data residency or local vendor logos. The real question, he says, is not where your data lives but who holds the keys to it.

The regional picture tells three different stories. The Middle East reports a 44% incident rate — nearly double Canada's 23% — despite moving fastest on sovereignty ambitions, as detailed in the Kiteworks 2026 Data Security and Compliance Risk: Data Sovereignty in the Middle East. Rick attributes this to maturity pressure: The pivot away from well-stress-tested hyperscalers toward younger local alternatives introduces security gaps that hyperscaler transparency reports historically do not show. Europe, covered in depth in the Kiteworks 2026 Data Security and Compliance Risk: Data Sovereignty in Europe, is pursuing a pragmatic "glocal" model — only 4% plan to go fully local — layering sovereignty controls like customer-held encryption keys on top of Microsoft 365 and Azure rather than attempting a wholesale exit. The Kiteworks 2026 Data Security and Compliance Risk: Data Sovereignty in Canada shows a similar pattern, with 40% citing Canada-U.S. data-sharing shifts as their top concern, pushing organizations to rethink key custody rather than abandon U.S. providers entirely.

AI governance emerges as the unresolved frontier. Rick is blunt: He has not yet seen a company that has solved governed AI data sharing at scale. Organizations are caught between blanket ChatGPT and Claude bans that sacrifice productivity, and open access that sacrifices compliance. His prediction — agentic AI will roughly double the digital workforce within two years — makes a centralized policy decision point non-negotiable.

Rick's two-takeaway close is crisp: Adopt an internal sovereignty framework so stakeholders stop talking past each other with different definitions and never accept a vendor's sovereignty claim on faith — validate it against your framework. He also warns against vendor lock-in, because the winners of 2026 will not be the winners 12 months later. Listen to the full episode on the Kitecast podcast page for the complete conversation.

Rick Goud’s LinkedIn Profile: https://www.linkedin.com/in/rickgoud/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.