
A client wants to move to a new cloud-based CRM, but they are concerned that customer and employee data may be stored or processed outside required jurisdictions. You are advising on the delivery approach and need to make sure the architecture addresses data residency, privacy obligations, and operational feasibility before implementation begins.
How would you address the client's data residency and privacy concerns architecturally while still keeping the CRM implementation practical to deliver?