GDPR is fast approaching its second birthday. The rest of the world is now starting to embrace similar data protection regulations, so we decided to take a look at some of them.
When it came into effect on May 25, 2018, GDPR established new standards for data protection. It essentially told companies what they could and could not do with customer information.
Created in the European Union and passed in Europe, GDPR affected businesses on a global scale. It marked the arrival of new privacy laws around the world, including:
The Notifiable Data Breach scheme in Australia
This is not as strict as GDPR, which allows companies just 72 hours to announce a breach to the authorities. In Australia, companies must report breaches within 30 days or demonstrate good reasoning as to why they are not doing so.
According to various reports, the scheme is enjoying some success in raising awareness of the need for compliance. However, it has not been a ‘game changer’ as yet due to a relative lack of cyber security resources and skills in the country.
Lei Geral de Proteção de Dados in Brazil (LGPD)
Set to come into effect on August 15 this year, this legislation is similar to GDPR. It will implement a new legal framework for the use of personal data related to individuals in Brazil.
Unlike GDPR, however, LGPD does not address electronic marketing specifically. Nor does it explicitly give individuals the right to object to their personal data being processed. Personal data is defined differently too, with LGPD’s definition being a lot broader.
Personal Information Protection and Electronic Documents Act in Canada (PIPEDA)
This act went into law in the year 2000, aimed at e-commerce companies, and has since been expanded to include banking, broadcasting, the health sector and other industries.
The Canadian Government issued a statement in 2017 declaring PIPEDA to be the equivalent of GDPR. However, as with Australia’s NDB scheme, the act is not quite as strict. For example, there is no deadline for reporting data breaches; instead, organisations are instructed to report them as soon as it is feasible.
In Conclusion
These regulations are all designed to give people more clarity over how their personal information is being used. They also attempt to hold businesses accountable for their actions. Some of the fines issued under GDPR have been monumental, with big-name players involved such as Google and British Airways.
A 2018 breach at another airline, Cathay Pacific, affected over 9 million customers. As a consequence, Hong Kong is currently working on much tougher penalties for data breaches. It is also looking to amend its Personal Data (Privacy) Ordinance.
California has also seen changes, as the start of this month saw the California Consumer Privacy Act (CCPA) come into effect. This is set to have a major impact on corporate privacy initiatives across all sectors of the technology, telecommunications and media / entertainment industries.
Data protection is a hugely important area for any business to be aware of these days, as technology continues to power so much of what is done on a daily basis. The question to ask, then, is: is your data protection knowledge solid enough?
Glossary
The NDB scheme (Australia)
LGPD (Brazil)
PIPEDA (Canada)
Top Tip
Whatever level your knowledge of GDPR, CCPA, or data protection in general might be at, the simple fact is that if you are processing personal data you need to be compliant. The experts at CRIBB Cyber Security, part of theICEway ecosystem of companies, can help you understand IF you are compliant, and HOW compliant you are. If necessary, they can then also advise WHAT you need to do to be fully compliant, regardless of where you are in the world…