The importance of data has risen considerably as a result of greater digitalization of enterprises, driven by the fast adoption of technologies such as cloud computing and data analytics. This tendency has an impact on both traditional and non-traditional businesses, as well as SaaS and e-commerce.
Data is properly regarded as the lifeblood of the modern global economy, yet transmitting protected data across borders is becoming increasingly difficult. Due to recently established data residency requirements, an increasing number of nations are erecting hurdles that make this procedure time-consuming and costly.
Here are some examples of nations that have enacted or are close to implementing similar data privacy rules to help you get started:
Brazil's Lei Geral de Proteção de Dados (LGPD) is essentially comparable to GDPR in terms of scope and applicability, but with less severe financial penalties for noncompliance. Companies that want to conduct business with Latin America's largest economy must follow LGPD or face fines of up to 50 million BRL (approximately 11.8 million EUR). LGPD was meant to take effect in February 2020, but after some last-minute parliamentary wrangling, it was eventually implemented in September 2020.
In February 2018, the Privacy Amendment (Notifiable Data Breaches) to Australia's Privacy Act took effect. Organizations having an annual turnover of more than 3 million AUD must report data breaches that constitute a "real danger of significant harm" within 30 days of discovery, or risk fines of up to 1.8 million AUD (approximately 1.1 million EUR).
While there is presently no federal data privacy legislation that applies to all businesses, each state in the Union has its own data privacy regulations. The most severe of these restrictions, in terms of scope, applicability, and fines, is the California Consumer Privacy Act (CCPA), which includes numerous sections that overlap with GDPR. California may be one of fifty states, but it has a higher population and yearly GDP than most nations in the world (before you ask, I have a source to back that up), which means the market touched by the CCPA is a significant portion of not only the US economy, but the global economy as well.
Since the CCPA's approval, politicians on both sides of the aisle have filed a host of comparable data privacy measures and initiatives in a number of other states and at the federal level. It remains to be seen if any of these measures will become law, but it looks as though momentum is rising. Then there are some in the IT sector, such as Apple CEO Tim Cook, who are pushing for similar laws in the United States.
While there was a structure in place to make GDPR compliance easier for enterprises on both sides of the Atlantic, the European Court of Justice invalidated the agreement, claiming that EU data subjects' rights were not effectively secured from US monitoring.
Following the ECJ's recent judgement, the EU and the US have re-entered negotiations on how to reach a new accord.
The Personal Data Protection Bill (PDPB) was introduced in India's parliament in December 2019 and is expected to be passed this year. Companies throughout India have already begun to plan. PDPB is patterned after GDPR, although some of its regulations aren't as clearly written down, and India's Central Government is granted more leeway over how it is implemented and when exceptions can be granted. It is identical in terms of needing agreement from data subjects (or, in the case of the PDPB, "data principals"), breach notification requirements, a right to be forgotten, and severe fines for noncompliance that might be as high as 4% of worldwide annual turnover.
The People's Republic of China published a draft of its Personal Data Protection Law, or PDPL, in October 2020. This proposal has gotten a lot of attention throughout the world since its extraterritorial scope is considerably clearer than that of China's current Cyber Security Law. If passed, businesses doing business in China, regardless of whether they have a physical presence there, would be required to comply or face fines of up to 50,000,000 CNY (approximately 6 million EUR) or 5% of worldwide annual revenue, as well as personal sanctions of up to 1 million CNY for anyone found guilty.
The Canadian government presented the Digital Charter Implementation Act, which would change the country's data privacy rules, on November 17, 2020. Innovation Minister Navdeep Bains defined it as an “act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act, as well as to make consequential and relevant modifications to other Acts,” according to the bill.
The act's goals and objectives would be aligned with some elements of GDPR if it were to be adopted. For the most egregious crimes, firms might face fines of up to 5% of worldwide revenue or $25 million, whichever is larger. Fines would be considerably greater than they are now under GDPR, which is capped at 4%.