This article originally appeared on Beta News.

Software-as-a-service (SaaS) is rapidly replacing applications that were once hosted on-premises. There are compelling reasons for switching to SaaS. Costs are lower, there’s no in-house equipment or software to deal with, and no updates or patches to manage. Organizations are obviously aware of the advantages. Experts at Gartner estimate that SaaS global revenue will exceed $94 billion in 2019, up 18.5 percent over 2018. The outlook for future growth is even more promising, with projections that revenue will soar to $143.7 billion by 2022.

But the as-a-service model raises a critical issue facing organizations: compliance with GDPR, HIPAA, the California Consumer Privacy Act (CCPA), Sarbanes-Oxley and other regulatory schemas that govern company data. Who owns the data and is responsible for compliance? What should customers expect from SaaS vendors?