November 24, 2020
Data has become a fungible asset for nearly every organization, whether for-profit, non-profit, large, or small.
With the combination of increased technological resources for data collection and the rise of inexpensive and potentially limitless cloud storage, organizations store massive amounts of data on private individuals and in many cases use this data as a source of revenue. From the standpoint of the individuals whose personal information is being bought and sold, that is a problem.
The EU made a ground-breaking shift to address these concerns by introducing the General Data Protection Regulation, or GDPR. This regulation protects the data privacy of EU citizens and residents no matter where in the world the company using that data is located. Since then, similar legislation has been enacted in nations around the world, including the California Consumer Privacy Act (CCPA) in the United States, the Lei Geral de Proteção de Dados Pessoais (LGPD) in Brazil, and the Protection of Personal Information Act (POPIA) in South Africa. Which of these laws will affect your organization, and what are the differences between them?
The first steps taken by the EU with the enactment of GDPR are starting to be followed around the world. California, as the largest state in the US, has enacted a law that, while lesser in scope than GDPR, still establishes clear guidelines on the appropriate use of personal data. It’s a model that may soon be replicated throughout the country, possibly on a national level. In a country as large and economically vibrant as Brazil, data protection law was an inevitability. Virtually any company with a global presence will process personal data about Brazilian consumers. The need to comply with the LGPD will soon be a worldwide requirement. South Africa is focused more nationally in its approach to data protection, though because the country is an economic and cultural hub, POPIA’s restrictions will affect many international businesses.
Because so many of these regulations have similar stipulations, adopting data privacy by default as the starting point in your business will help you handle these regulations and the data privacy regulations to come.