NAVIGATING THE RAPIDLY EVOLVING DATA PRIVACY REGULATORY LANDSCAPE

The data security and privacy regulatory landscape is evolving dynamically. The wave of countries following the European Union’s (EU’s) approach to adopting comprehensive data protection legislation has increased rapidly in recent years. Brazil’s Lei Geral de Proteção de Dados (LGDP), China’s Personal Information Protection Law (PIPL) and South Africa’s Protection of Personal Information Act (POPIA) are just some of the major laws adopted.

We are now seeing a wave of new and amended legislations in the US at state level, with the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA) and the Utah Consumer Privacy Act (UCPA) all entering into force in 2023. Organisations are struggling to keep up with the requirements imposed by these laws. Multinational corporations are particularly faced with the challenge of navigating regulatory requirements across the jurisdictions where they operate globally.

Regulatory landscape

The majority of the laws adopted generally follow a similar approach and standards as the EU’s General Data Protection Regulation (GDPR). Overall, these laws and regulations establish a general framework for controlling and processing personal data, expanding the definition of personal data, outlining the responsibilities for privacy protection standards for data controllers and processors, granting individuals data subject rights with regard to their personal data, providing a private right of action, financial incentives, universal opt-outs, as well as outlining enforcement processes and penalties for violations of the laws. Overall, the laws provide stringent safeguards for personal data while demanding more accountability and transparency from the organisations collecting and processing personal data.

Jan-Mar 2023 Issue

Octillo