Data Protection

The GDPR has influenced the future of corporate compliance at a global level. As we see the CCPA, the USCDPA, and bills in other jurisdictions like India and Brazil being passed, it is evident that all companies soon will be required to comply with some consumer data privacy measure.

Since June 1, eight U.S. states have either amended or enacted tougher new data breach notification laws requiring notification anywhere between 30 to 60 days. While still a far cry from the 72 hours required under the European GDPR, tougher notification laws will no doubt be adopted around the world.

Recent PwC survey results indicate that half of respondents were not confident that their organizations would meet the 2020 deadline for CCPA compliance. What are the lessons learnt from the GDPR compliance exercise that can help companies approach CCPA and other upcoming requlations?

While the practical interpretation and implementation of the GDPR has been heavily discussed, it is sometimes overlooked that the GDPR itself offers solutions to handle the legal uncertainty: Codes of Conduct and Certifications.

There will be grey areas in GDPR for a while to come and certainly in the early stages there will be test cases and adjustments to the Articles to clarify and ratify their use in real world practice.

Faced with a deluge of complaints regarding violations in terms of general data protection, regulators are expected to levy the first GDPR fines and other sanctions by year end.

Regulatory reporting for GDPR compliance requires effectively operationalising the use of appropriate technical and organisational measures to allow for reporting at the enterprise and project level.

Will your website will be in some way impacted by expanded privacy legislation like the GDPR? Do you need to change how you do business online? Much of what’s required is simply good data hygiene.

Multinationals face difficult and unique data privacy and security compliance challenges to successfully meet the ongoing waves of government regulations. To meet these challenges, multinationals must have enhanced visibility across their global key assets and comprehensive controls.

India's data protection law is already being criticized, with some claiming it does too little by not giving the data protection authority sufficient power to bring violators to justice; and others fearing it goes too far with the potential for mass surveillance