Beyond GDPR: Privacy Regulations Across the Globe
Author: Christine Ferrusi
Now that the deadline for companies to be compliant with the General Data Protection Regulation has passed, any company that works with European consumers is now familiar with the new privacy requirements (many companies have had to opt out of working with Europeans because they aren’t compliant, that’s a blog post for another day.)
If your firm has spent the past months getting ready, it might be tempting to breathe a sigh of relief that GDPR is now live. However, the major effort to protect European consumers’ privacy shouldn’t overshadow the important privacy regulations of other geographies. In particular, you’ll want to see what’s the same and what’s different, so you can build privacy policies that meet the strictest of the requirements.
- United States — In the US, each state has its own regulations regarding protection of personally identifiable information (PII), with states like California and Massachusetts being considered stricter than other states, so many company use the strictest regulation to govern their overall country-wide policies. There are also industry-specific privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA.)
- South Korea — Similar in many ways to GDPR, South Korea’s Personal Information Protection Act, enacted in 2011, requires that “data subjects” give explicit consent to organizations before their data are collected and used. Consent is also required before sharing that information with a third party.
- Singapore — The Personal Data Protection Act of 2012 requires organizations to gain consent from individuals before collecting data, to specifically notify the individual of the purposes for which the data will be used, and for the data to be used in ways that are reasonable for the organization.
- Brazil — Like the United States, Brazil does not have a national data privacy law. There are several other laws that touch on it, including the Consumer Protection Code and the Access to Information Act, which both discuss personal information in consumer-oriented and public databases.
Even before GDPR, European privacy regulations were considered stricter than many other geographies. but that doesn’t mean that companies can focus on GDPR without considering the regulations of other regions. Generally, companies will need to ensure that they gain consent from users before collecting and using data. They’ll also need to ensure they protect the data collected, as many countries have laws regarding cybersecurity and protecting the data once collected. Smart organizations will also want to make sure they have clear policies on how their business partners are complying, since sharing data is also part of most of these regulations. It would be ironic to comply with so many regulations only to be put at risk by partners who themselves are not compliant.
For more information about PikcioChain,
Visit our website,
And join our community.
The PikcioChain Team