Abstract Customer's data protection and nearshores aspects are currently experiencing an increasing interest from both the academic, governments and business communities. This paper empirically test 12 factors of customer data protection in regards to three nearshores locations. Testing was performed based on a 127 data set web survey across three nearshore locations (Egypt, Portugal and Romania) of a large multinational software company. Our study report high scores for Data Classification and Passwords, moderate scores for Encryption, Approved tools, Access controls, How many access data, Data minimization and Escalation issues, and low scores for Testing data, Data retention, Readiness and training, and Geographic rules. The major finding is that a specialized team on data protection matters is needed as part of the operating model of the nearshores. This study contributes to the IS literature, in particular how customer data protection is been handled by nearshores professionals. Unlike the typical focus on outsourcing IT literature, this study focuses on the specificity of nearshores locations.