GDPR is here: What does it mean for data protection across the globe?
The EU’s General Data Protection Regulation (GDPR) comes into effect today, 25th May 2018. Not only are EU member states expected to comply with it, but so are companies across the globe that handle EU citizens’ data. To coincide with the regulation coming into force, Consumers International has released a briefing detailing what it will mean for consumers and a snapshot of the state of data protection for consumers across the globe.
The key takeaways on GDPR
- GDPR will replace the EU’s previous data law adopted in 1995 – before Google was even registered as a domain name.
- At its core, the regulation has been updated to reflect the way data is used in the digitally connected age, and bring laws and obligations around personal data, privacy and consent across Europe in line with this.
- Key changes around obtaining consent to collect and transmit data from consumers.
- Businesses are now required to implement a privacy by design approach to compliance.
- Data privacy laws across Europe are harmonised to ensure clarity and consistency.
- Greater powers to regulators to enforce the regulation through tough fines.
What does it mean for consumers?
Digital privacy is top of mind for many consumers. With data breach scandals in the news, individuals are becoming more aware and concerned about who has their data, and more importantly, who controls how that information is gathered, used and shared. GDPR aims to rectify this by giving the consumer more rights and control over their digital privacy.
Companies holding their information will have to obey strict rules around transparency and accountability, such as allowing consumers to access or move their data, informing them about data breaches and, in certain circumstances, upholding their right to be forgotten.
Data protection across the globe
The GDPR is now the strongest data protection regime in the world, leading many to hope that it will set a ‘gold standard’ for other jurisdictions. The requirement on companies that process EU citizens’ data to abide by the regulation regardless of location adds weight to this and could be used as leverage by citizens of other countries, particularly where company activity crosses borders.
That is the hope for the future – but what is the current status of data protection laws across the world?
Governments around the world are trying to modernise their data protection regulation and put the right regulatory standards in place to protect their citizens against data breaches. The UNCTAD Data Legislation and Privacy Legislation tracker provides a great snapshot of what is happening across the world with data protection. According to the tracker, over 100 countries now have data protection laws in place. Some countries like Andorra and Morocco are leading the way by converging their domestic laws to universally recognised standards such as OECD’s Guidelines for GDPR. Others have laws in place that aren’t as robust as they could be but provide a good starting ground for improvements to be made.
What next: hope for the future?
In this interconnected age characterised by cross-border flows of data, countries should move towards greater global harmonisation of data protection regulation to ease the challenges inherent in multiple data protection regimes in multiple jurisdictions around the world.
Understandably, global convergence will be hard due to differences in countries’ political, economic and social development. Consumers International research released last year found that the capacity of policy makers, resources for monitoring and enforcement systems and the political climate around national security all made developing frameworks coherent with GDPR or OECD difficult.
Additionally, where data is included in trade negotiations, there will be pressure to harmonise down as protection is often seen as a barrier to trade.
But there is now a high standard of practice to follow, something long overdue for consumers in the digital economy and society.