A World Of Difference: Comparing Data Privacy Laws

Kevin Shepherdson, CEO and founder of Straits Interactive

The digital age has made personal data the lifeblood of economies, as people share data and information practically daily. Data protection and privacy laws have been developed to safeguard the personal information of individuals and organisations. The most recent, and most significant addition, is China’s Personal Information Protection Law, which was enacted on 1 November 2021. 

With various data privacy/protection laws in place across the world, how do they compare in terms of the privacy and protection of personal data? 

With the threats becoming more significant with each passing year, we decided to take a closer look at some of the most prominent and established data privacy/protection laws, the similarities and differences, and what this means for businesses operating in these jurisdictions.

Key themes of the GDPR 

The European Union’s General Data Protection Regulation (EU GDPR), first adopted in 2016, is the de-facto reference standard for ASEAN data protection/privacy laws.

The following three of the key themes of the GDPR:

Social concerns: The social impact of personal data is of particular interest in the EU. GDPR promotes fair and ethical use of AI in data processing, calling for trust and accountability. 

Human rights: GDPR gives individuals the right to be informed about their personal data, and the ability to rectify and restrict processing, including erasing their data. 

Cross-border transactions/data flows: GDPR calls for restrictions on the transfer of personal data outside of the EU, to ensure that the protection of the individual is not undermined.

EU, ASEAN, US data protection/privacy legislation

In the following table, we can see the comparison between the GDPR and the various ASEAN data protection/privacy laws.

EUSGMYPHTHID
Lawfulness of processing with stricter consent requirements
Sensitive data / Special categories NRIC
Requirements for DPO✔*
Stricter requirements for processors✔*
Data Protection Impact AssessmentRecommendedRecommendedRecommendedRecommendedRecommended
Data Protection by DesignRecommendedRecommendedRecommendedRecommendedRecommended
Data Breach notification Recommended
Records of processing (*INDO, TH)Best practiceBest practiceBest practice
Extra-territorial application (*PHI, TH)N/AN/A✔*N/A

Table from Data Protection Excellence (DPEX) Network

There are many similarities, due to the concept, and it can also be seen that some of the GDPR’s key principles have been influential on ASEAN data privacy laws. Countries will create versions that best suit the interests of their jurisdictions. 

Operating with different legislations

Despite the fact that the data privacy/protection laws seek to protect consumers’ personal data, there are also differences according to the countries. Because of this, it is essential for organisations that have various operations across the globe to understand the requirements of the local data privacy laws and adjust their data privacy/protection management programme (DPMP) and practices accordingly.

Data breaches are helping consumers understand the importance of personal data protection, and to expect organisations to safeguard their data. Hence, a sound data privacy/protection management programme is a competitive advantage for businesses to assure consumers that they are trustworthy and accountable. 

Previous articleChina Home To 300 Unicorns Ranked Second Biggest Globally
Next articleThe Rise Of Digital Printing In The Fashion Industry

LEAVE A REPLY

Please enter your comment!
Please enter your name here