Data Protection goes global
GDPR is fast approaching its second birthday, and with the rest of the world now starting to embrace similar regulations, we decided to take a look at some of them…
When it came into effect on May 25, 2018, the General Data Protection Regulation established new standards for data protection and essentially told companies what they could and could not do with customer information.
Created in the European Union and passed in Europe, GDPR affects businesses on a global scale and marked the arrival of new privacy laws around the world, including:
The Notifiable Data Breach scheme in Australia
This is not as strict as GDPR, which allows companies just 72 hours to announce a breach to the authorities; under this scheme, companies must report breaches within 30 days or demonstrate good reasoning as to why they are not doing so.
According to various reports, the scheme is enjoying some success in raising awareness of the need for compliance, but has not been a ‘game changer’ as yet due to a relative lack of cyber security resources and skills in the country (a not-uncommon scenario in other parts of the world).
Lei Geral de Proteção de Dados in Brazil
Set to come into effect on August 15 this year, this legislation is similar to GDPR and will implement a new legal framework for the use of personal data related to individuals in Brazil.
Unlike GDPR, however, LGPD does not address electronic marketing specifically, nor does it explicitly give individuals the right to object to their personal data being processed. That personal data has a different definition too, with LGPD’s definition being a lot broader.
Personal Information Protection and Electronic Documents Act in Canada
This act became law in the year 2000, aimed at e-commerce companies, and has since been expanded to include banking, broadcasting, the health sector and other industries.
The Canadian Government issued a statement in 2017 declaring PIPEDA to be the equivalent of GDPR, although, as with Australia’s NDB scheme, the act is not quite as strict; for example, there is no deadline for the submission of data breaches, only an instruction to organisations that they should report them as soon as it is feasible.
These regulations are all designed to give people more clarity over how their personal information is being used, whilst also attempting to hold businesses accountable for their actions. Some of the fines issued under GDPR have been monumental, with big-name players involved such as Google and British Airways.
A breach at another airline, Cathay Pacific, in 2018 affected over 9 million customers and, as a consequence, Hong Kong is currently working on much tougher penalties for data breaches as it looks to amend its Personal Data (Privacy) Ordinance.
California has also seen changes, as the start of this month saw the California Consumer Privacy Act (CCPA) come into effect. Another offshoot of GDPR, this is set to have a major impact on corporate privacy initiatives across all sectors of the technology, telecommunications and media / entertainment industries.
Data protection is a hugely important area for any business to be aware of these days, as technology continues to power so much of what is done on a daily basis; the question to ask then is, is your data protection knowledge solid enough?
Whatever level your knowledge of GDPR, CCPA, or data protection in general might be at, the simple fact is that if you are processing personal data you need to be compliant. The experts at CRIBB Cyber Security, part of theICEway ecosystem of companies, can help you understand IF you are compliant, and HOW compliant you are. If necessary, they can then also advise WHAT you need to do to be fully compliant, regardless of where you are in the world…