Most businesses have a touch point with personal data, whether that is customer data, employee data or data processing. To help businesses navigate the complex landscape of global data regulation laws, analyst house Forrester has created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries.
Here, Chris Sherman, senior analyst serving the security and risk sectors, provides an essential overview of how the regulation landscape is changing and reflects on the past five years of annual assessments, from which three high-level trends emerge.
This article originally appeared in MEF’s most recent Consumer Trust eBulletin.
Countries continue moving toward the EU standard for data protection.
New legislation outside of the EU often follows the EU’s lead by adopting provisions similar to those in the existing Directive 95/46/EC regulation. The slow global convergence toward the requirements outlined in the regulation continued through 2016.
For example, Argentina and Japan strengthened pre-existing policies, while Nigeria passed its first comprehensive cybercrime legislation. Japan also established an independent regulatory body (“Privacy Protection Commission”) that oversees privacy issues – a requirement of both the current Directive and the superseding European General Data Protection Regulation (GDPR).
The GDPR has already begun to raise the legislative tide within the EU and abroad.
The General Data Protection Regulation (GDPR) is the most significant recent data privacy legislation to affect businesses across the globe. The regulation imposes a higher standard of personal data protection, with significant penalties for noncompliance for companies across the European Union (EU). It also applies to foreign companies that offer services or products to EU residents or collect their data.
While the regulation is yet to be enforced, it has already had an effect outside of the EU. For example, in March 2016, South Korea enacted stiff penalties for data privacy violations by telecommunications and online service providers in a fashion similar to the upcoming GDPR (up to 3% of total global revenue in South Korea, 4% for the GDPR).
Attempts to strengthen surveillance undermine data protection laws.
While some countries are reluctant to expose their citizens’ data in any way, many others seek more access. For example, Finland is drafting legislation that would give its military and domestic security forces broad access to civilian web communications to gather intelligence.
Even countries with a strong and long-standing privacy protection footprint, like Germany and the Netherlands, have passed or are about to pass regulations that considerably increase government surveillance powers.
Meanwhile, criticism prompted India to withdraw, in late 2015, a law that would have forced companies to store all encrypted electronic communication in plaintext for 90 days.
The balance between security intelligence and personal privacy continues to pit governments against citizens.
In a world where privacy has become a competitive differentiator for multi-national organizations, businesses must increasingly work with their general counsels and chief privacy officers to understand global data privacy requirements and implement controls that protect personal data accordingly.
Supported by Mozilla and bics, this eBulletin examines the issue of Consumer Trust in the mobile ecosystem.
It takes an in-depth look at the business models, regulatory landscape and market drivers that are shaping mobile business through the lens of Consumer Trust. It includes a discussion of a healthy Internet from Chris Riley, head of public policy at Mozilla, and a look at the influence of the forthcoming GDPR from senior security & risk analyst Chris Sherman at Forrester, as well as a guide to global regulation, market forecasts and much more.