Just like most virtual and online activities, data collection and processing are not necessarily bound by borders, especially as they happen on the internet. Attempts to regulate these activities, therefore, too, tend to have cross-border, transnational effects on the businesses, organisations, and individuals that they try to govern. Whether you’re a data privacy professional interested in global laws and regulations, someone in a business or organisation handling data that is coming from or is being transferred abroad, or an individual who wonders about their data privacy rights internationally, you’ll likely be confronted with a growing regulatory landscape of data privacy laws around the world.
This series will introduce you to the data privacy laws and regulations currently in force or in the process of being enacted around the world. Each insight will look at one country and its legal framework on data privacy, providing you with the key facts and most important provisions, as well as with a comparative analysis between the framework at hand and other laws and regulations around the world, particularly the GDPR.
The GDPR and how it began
A landmark turning point for data privacy worldwide, the General Data Protection Regulation (GDPR) passed through the law-making process of the European Union in 2016 and came into force in 2018. It has since had enormous international effects and continues to be a catalyst, influence, and guide for emerging laws and regulations in other countries.
However, there remains great uncertainty as to how some of the GDPR’s many principles, data subject rights and other rules apply in practice or how they’ll be interpreted and evaluated by authorities. This uncertainty is exacerbated by the fact that EU regulators and member states’ regulators provide inconsistent guidelines and have taken different approaches to dealing with breaches. If you're interested in finding out more about the rights and obligations established under the GDPR, what effects those have had on businesses and individuals since coming into force, and how it applies extraterritorially, i.e. to countries and entities outsides of the European Union, check out our GDPR at a closer look series.
A global outlook on data privacy and why it's needed
As mentioned, the GDPR has had an enormous impact on the global data privacy legal landscape. On the one side, this is because of its extraterritorial effects. On the other side, the GDPR has served as a guide or blueprint for many of the most recent and emerging data privacy laws and regulations in other countries around the world. If you're familiar with the rules set out in the GDPR, you'll likely recognise the many similarities when reading through a subsequent data privacy regulation that's been passed in another country. However, despite the similarities, some of these new laws and regulations also contain significant differences and might require extensive adjustments on your behalf if you find yourself affected by their rules.
Some of the most important laws and regulations to be aware of are: the European Union's GDPR, the UK’s DPA, China’s PIPL, Canada’s CCPA, California’s new CPRA, Virginia’s CDPA, Brazil’s LGPD, South Africa’s POPIA, India’s PDP, New Zealand's Privacy Act, Japan’s APPI, and the Swiss nPDA.
But why would it be important for you to have a global outlook on data privacy law?
The answer is that just like the GDPR applies transnationally (including to entities and individuals outside of the European Union) and has had a strong influence on developing data privacy frameworks, so, too, do the data privacy laws and regulations of other countries. As soon as your business deals with personal data of people residing in other countries or establishes an entity there (even if no data is being processed within the country's borders), you'll likely be affected by the privacy rules of that country. This becomes even more relevant as many products, services and other interactions happen online, and traditional borders cannot be enforced on the internet as easily as they are offline.
The bottom line here is that there is a chance that at some point you will be, or you already are directly affected by other countries' data privacy laws and regulations. Staying up-to-date with their changing rules, understanding how these apply to you, and actively working to ensure compliance with them might, therefore, be some of the top priorities within you data privacy work.
To make this a bit easier for you, this insight series will provide you with some starting points and general overviews, as well as time-sensitive analysis of current and upcoming data privacy laws and regulations.
And if you're in need for practical advice and tailored solutions for your strive to comply with new laws and regulations, do get in touch with our team. We'll make sure to leverage Lex Dinamica's collective experience of implementing transformational data privacy programmes and solutions across transnational and multinational organisations to help you adapt to growing requirements and risks.