The General Data Protection Regulation (GDPR), which went into effect in May 2018, is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA. The GDPR’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise, regardless of its location and the data subjects’ citizenship or residence, that is processing the personal information of individuals inside the EEA. It’s an attempt to give the individual the right to determine how and where their personal data is used.
The GDPR is doing for the EU and EEA what may be needed worldwide with respect to the handling and protection of personal data on the web. Although technology allows widespread access to personal data, solid regulations on how companies, the internet, and technology organizations are to handle and guard personal data do not exist in many places on the globe. When you begin to understand the number of companies that have access to one’s personal data and what they can do with it, it is alarming. In a lot of places, they are expected to ‘self-regulate’ regarding your personal data. Social platforms have lost trust for this very reason. But can countries simply duplicate the GDPR in their own country? The short answer is no, and they probably should not without adapting it to their country. Yet, because of the global nature of business, the GDPR is becoming a model for personal data protection in the global arena, where these regulations are sorely needed.
With the COVID-19 pandemic, the internet has taken the place of many face-to-face engagements. Working from home has become widely accepted as a business model in the U.S. This makes it even more important to have solid regulations to guard personal data. Some of the regulations, such as encryption and VPN, have, through adoption by large tech organizations, quietly become a part of the way things are done on the web. More is coming. Thought and time have to be expended to understand the relevant laws, tolerances, and concerns over personal data, which vary from country to country, in order to apply GDPR-like regulations. There is a great difference in the level of concern for personal data protection between Germany, the U.S., and India, for example. Yet Canada has enacted the Personal Information Protection and Electronic Documents Act (PIPEDA), and other countries now have personal data and privacy regulations very similar to the GDPR. These include:
- South Korea
- Chile (updated)
- New Zealand
- South Africa
Earlier in 2020, four ASEAN countries enacted laws similar to the GDPR relating to personal data protection: Malaysia, Singapore, the Philippines, and Thailand. Although the U.S. does not have regulations at the federal level, one state has enacted regulations similar to the GDPR, California’s