This article originally appeared on Information Management.

Organizations are increasingly coming to rely on software as a service, replacing applications that have previously been hosted on-premises.

In April, for example, Gartner predicted SaaS global revenue would grow 18.5 percent over 2018 to more than $94 billion this year and that, by 2022, it would grow to $143.7 billion. And while there are many benefits to a SaaS approach—lower costs, no on-premises equipment or software to operate, no updates or patches to manage—it does raise significant questions around compliance with GDPR, HIPAA, Sarbanes-Oxley and other regulatory schemas that govern company data.

So, who owns the data? Who has responsibility for compliance? And what questions should customers ask a potential SaaS vendor to determine whether their data will be compliant in their service?