International Privacy Laws & Standards
The importance of data privacy and data security is now widely recognized around the world. Regulators and governing bodies worldwide have established and enforced several data privacy laws to ensure that organizations protect the personal information they collect, process, transmit and store. Today, around 128 out of 194 countries have established data security and data privacy legislation to protect the integrity and confidentiality of personal data. Let us take a look at some of the most prominent data privacy laws established globally that are mandatory for organizations dealing with personal information.
GDPR EU

The EU General Data Protection Regulation is an international data privacy law that governs the processing of the personal data of citizens of the EU. Organizations that process such data are required to adhere to the regulation and ensure compliance at all times. It is a regulatory standard set to protect the data privacy rights of individuals in the European Union and to ensure protection against the misuse of their data. Further, organizations that do not comply with the regulation face significant penalties of up to 4% of annual turnover or 20 million euros, whichever is greater.

CCPA

The California Consumer Privacy Act is a data privacy law that regulates the way organizations process the personal data of California residents. It was the first law of its kind in the United States, established to protect consumer privacy rights. The act widens the scope of privacy regulation to address concerns pertaining to consumers' rights over the use of their data. With this regulation enforced, organizations are required to be transparent about their data processing activities and to give consumers full control over the use of their data.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 is a law established to protect sensitive Patient Health Information. Companies that process, store, use, and transmit Patient Health Information (PHI) must be HIPAA compliant. The regulation was developed to protect the privacy and security of patient health information. Under HIPAA, organizations or covered entities are required to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting PHI and e-PHI data.

PIPEDA

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian data privacy law designed to keep the standard consistent with other major data privacy laws, particularly the EU GDPR and UK GDPR. The Canadian data privacy law, which came into effect on 13th April 2000, governs the way private sector organizations handle personal information.

GDPR UK

The UK General Data Protection Regulation (UK GDPR) is a data privacy law in the UK. After Brexit, the UK GDPR came into effect on January 1st, 2021. Organizations that deal with and process the data of UK citizens are therefore required to comply with the UK GDPR. The UK GDPR is very similar to the EU GDPR, with a few amendments to accommodate domestic areas of law.

PDPA Singapore

The Personal Data Protection Act (PDPA) is a framework designed to protect personal data in Singapore. The regulation recognizes the need to protect individuals' personal data and the need for organizations to have a legitimate and reasonable purpose to collect, use or disclose personal data. By regulating the way organizations use personal data and protecting it from misuse, the PDPA aims to strengthen trust and build Singapore's standing as a safe business hub.

PDPA Malaysia

The Personal Data Protection Act (PDPA) Malaysia is a law that regulates the processing of personal data by organizations for commercial purposes. It came into force on 15th November 2013 in Malaysia with the intention of protecting personal data. The PDPA safeguards personal data by requiring organizations to comply with certain obligations and by conferring certain rights on data subjects concerning their personal data.

Australia Privacy Act

The Privacy Act is legislation established to protect the personal information of Australian citizens. The Privacy Act 1988 governs the way organizations, whether private or government, collect, use, store and disclose personal information. It was introduced to promote and protect the privacy of individuals and regulates organizations handling personal information that have an annual turnover of more than $3 million.

ISO 27701

ISO27701 is an international standard that focuses on Privacy Information Management. The standard is an extension of ISO27001 Information Security Management. It provides detailed guidelines for establishing, implementing, maintaining, and improving privacy information management in the organization. The ISO27701 standard supports compliance with various international data privacy laws such as the EU GDPR, UK GDPR, CCPA and HIPAA, to name a few. Implementing the standard helps reduce risk and promotes the privacy rights of individuals while enhancing the organization's existing Information Security Management System. Holding the ISO27701 certificate helps organizations demonstrate their commitment to the data privacy of critical business and client information.