The EU General Data Protection Regulation (GDPR) has now been in effect for more than 2 years and while this landmark piece of legislation was groundbreaking in its scope, similar legislation can be expected to be introduced in many other countries. In the United States, the California Consumer Privacy Act has been introduced which is similar to GDPR in some respects. Plans are underway to expand the scope of the legislation further by the end of 2020.
Currently only around 10% of countries have data privacy legislation in place, but that minority is expected to become a majority in the next 3 years, according to the research and advisory organization Gartner. Gartner released a report at the virtual Security & Risk Management Summit 2020 in which it estimated that by 2023, 65% of countries will have data privacy legislation in place.
“With more countries introducing modern privacy laws in the same vein as the General Data Protection Regulation (GDPR), the world has reached a threshold where the European baseline for handling personal information is now the de facto global standard,” explained Gartner in the report”. Lawmakers are introducing new privacy laws that seek parity with the GDPR. These regulations allow whole countries to move one step closer to achieving adequacy with the EU, where their local businesses can benefit from a larger market with their new ‘trusted’ status.”
Given the financial penalties for noncompliance, companies must ensure that they are fully compliant with all regulations relevant to their industry sector and country, and also ensure compliance with the legislation of countries they do business with. Since there are likely to be many GDPR-like requirements from many different countries, it is important for companies to create policies and practices that can be easily scaled up and applied independently to data relating to individuals in different countries. When new data privacy laws are introduced, it will then be straightforward to be compliant and not only avoid regulatory fines, but also demonstrate to potential customers that their data are safe and secure.