X
Tech

Stringent data protection regulation has gone global

New privacy regulations are emerging worldwide, from California to Brazil to India. Standards for data protection are also becoming more stringent.
Written by Forrester Research, Contributor

Try today: Forrester's interactive heat map will let you explore privacy laws and regulations in 61 countries.

Security and risk leaders consistently rank compliance with global privacy regulations as one of their top three challenges. This week Forrester updated the map of global privacy rights and regulations., which includes 61 countries, adding Kuwait, the Philippines, Qatar, Saudi Arabia, Sri Lanka, United Arab Emirates, and Vietnam.

  • One-year post-implementation, Europe is still working out the particulars of the GDPR. While GDPR became directly applicable law in all member states of the European Union upon its implementation in May 2018, there are over 50 areas in which member states are permitted to legislate differently than GDPR in their domestic data protection laws. Several countries are still finalizing their guidance. However, there has already been over 56 million Euros in fines since GDPR implementation. Other jurisdictions seeking to implement their own privacy regulations will be able to learn from the process thus far in the EU.
  • Including consumer privacy in national law is becoming more and more prevalent around the world. Although GDPR is just one year old, many nations have been inspired by the scope and depth when drafting their own privacy bills. It seems that every week news breaks that another jurisdiction is implementing personal data guidelines. The California Consumer Privacy Act (CCPA) as well as the Brazilian General Data Protection Law (LGPD) have been signed and will come into effect in 2020. Other states are following the example of California; New York recently passed a stringent privacy bill. Countries such as India are drafting their versions, as well.
  • The volatility of the Brexit debate has given data residency new relevance. Although the UK has already adopted a bill that translates GDPR standards and requirements into national legislation, the uncertainty around Brexit increases complexity around businesses' data residency policies. Organizations that transfer or process European citizens' data in the UK must prepare now. Depending on their risk appetite and specific business needs, firms may even consider relocating British data centers to Europe.

As business is increasingly multinational, firms must keep up to date on the privacy climate for each nation they conduct business in.

For more from Forrester on privacy, click here.

This post was written by Senior Analyst Enza Iannopollo, and originally appeared here.

The FBI's most wanted cybercriminals


Editorial standards