How GDPR has inspired a global arms race on privacy regulations

Companies with a global presence face the challenge of achieving compliance with an increasing array of regional data-protection regulations.

With many jurisdictions embracing EU-style privacy rules in line with the European Union’s GDPR, such as mandatory data-protection impact assessments, data privacy officers, and notification to individuals and regulators in the event of a data security breach, compliance is increasingly complex and an increasing burden for organizations.

At the same time, data sovereignty rules laws that require companies to store data locally, are rising. So too is a focus in some countries on data security. How privacy laws have developed, why they exist in the first place, and how they are regulated each are different in almost every country. These factors all add to the heightened regulatory requirements.

The multiple trends affecting data protection and privacy laws

When comparing various countries’ approach to privacy, the question is this: ‘Do they view privacy as a fundamental human right, like they do in Europe?’,” says Miriam Wugmeister, a Morrison Foerster partner and cochair of its global privacy and data security group.

GPDR has inspired many countries to strengthen their data-protection and privacy rules. Its biggest change from the previous rules — and why everybody paid attention — was because it radically changed the penalties, Wugmeister says.

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022