Around the world, people and businesses are increasingly recognising the importance of data protection.
Since the launch of GDPR, businesses and governments have been taking data privacy more seriously, and with good reason – a lack of data protection can have serious implications.
Let’s look at the consequences of a lacklustre data protection policy and how laws are shifting across the globe.
Why is data protection important?
Data protection is important for a variety of reasons.
Data can be personal, financial, political, racial, genetic, religious, and more. Because it can be misused for fraudulent purposes and even for persecution and targeting by extremists, it’s important to keep data confidential. Doing so keeps identities and organisations safe.
Users online want to trust that their data will be used appropriately and handled carefully, so organisations must utilise data privacy policies. Leaks and breaches can cause quite a hit to reputation, and data downtime can be a financial disaster.
Ideally, data protection laws would span the globe – but surprisingly, they don’t!
Countries with legislation
It may come as a surprise to hear that only 66% of countries have legislation in place to protect data privacy. Here in the UK, we are by now quite used to hearing about GDPR, a regulation in EU law that outlines a range of principles and rules for businesses within the European Economic Area to follow.
While many countries don’t have any laws in place, others have their own set of regulations that match up to the stringent policies of GDPR in the EU.
Take a look at this data protection map for an idea of the countries with robust, heavy, moderate, or limited legislation.
Here are a few examples for an overview of how data protection functions in countries outside of the EU:
Australia has a robust set of 13 privacy principles that govern the collection and use of personal information. Not only that, but the Office of the Australian Information Commissioner will take complaints from any citizen and will investigate issues without charge.
Canada’s data protection rulebook is the Personal Information Protection and Electronic Data Act. Privacy policies must include the means of collection, handling, and use of personal data, and it also states that these policies should be easily accessed.
Canada’s 10 guiding data principles span accountability through to challenging compliance, and the government even provides a guide to all businesses that helps them comply.
Brazil only brought in a data protection law in 2020.
The Lei Geral de Proteção de Dados, Brazil’s version of GDPR, launched in August 2020. It gives all Brazilian citizens the right to access all of their data, to update information, to confirm that their data exists, to delete it, to move it, and to revoke consent to data sharing.
Citizens also have a right to information about the organisations that store their data and the consequences of denying consent.
Businesses found in breach of the laws in Brazil could be fined up to 2% of total revenue.
Wherever we find privacy laws, they tend to follow a few guiding principles, including:
- Notice – people are advised of the policies protecting personal information
- Choice & consent – people have and are aware of their choices around the collection and use of their data
- Access & participation – only the correct people have access to the appropriate data
- Integrity & security – security protocols are in place to prevent unauthorised access to data
- Enforcement – organisations are aligned with the regulations and compliance is enforced
A changing privacy landscape
Since the GDPR was launched in 2018, it has become known as one of the most forward-thinking and comprehensive sets of regulations protecting personal data.
It has shaped trends in the sector, and the way that a range of countries operate. We’ve since seen changes implemented in Canada, Brazil, India, China, and California.
In October 2020, for example, the National People’s Congress of China launched a draft of the Personal Information Protection Law, a huge step towards developing an all-encompassing privacy and data governance framework.
Whenever rulings change, it has ripple effects on the global privacy landscape. We are just beginning to see data policies align across countries and continents, but the global future of data protection is yet to be seen!
Want to learn more about GDPR? Read our blog ‘5 GDPR Essentials for Small Businesses’ to get on top of your data protection strategy, protecting your customers and your business.
By Matthew Porter on February 16th, 2022