Click cover to download

(Subscriber-only password access)

Not a subscriber?

Click here to join the FREE mailing list and receive password access

Data protection is one of the most challenging aspects of modern business, given the rising risks to data privacy. From malicious external actors to careless or malfeasant insiders, companies are grappling with an ever-evolving list of threats and must take action to ensure they uphold their data security obligations. Prudent organisations can leverage data to improve their operations, raise their brand and reputation, and strengthen consumer trust. In a competitive business landscape, sound data practices can make the difference. Implementing suitable processes to protect and maintain the integrity of data is key.

UNITED STATES

WilmerHale

“Companies in the US are becoming more aware of their data protection obligations, especially as new privacy laws in the US continue to pop up at the state level. With each new law, we are seeing more companies becoming aware of their compliance obligations. We expect this will continue as these laws expand to include more states, more specific categories of data, and additional restrictions on the use of data in sensitive areas, such as healthcare and online advertising.”

MEXICO

Arochi & Lindner

“In Mexico, as in every country, the digital age has brought many advantages as well as challenges and new duties. Today, companies must continually strive to fully understand their data privacy and protection responsibilities. Although in Mexico these obligations are primarily set out by the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), the coming of the digital age has blurred all kinds of borders. Thus, to enhance understanding and compliance with data privacy and protection duties, Mexican companies must be familiar with not only the local legal framework, but with legal standards around the world, such as the General Data Protection Regulation (GDPR) in the EU and developments in other Latin American jurisdictions, among others.”

UNITED KINGDOM

FTI Consulting LLP

“Despite the momentum of the last five years around the development of stringent data privacy laws, many organisations still need help understanding their data landscape and maintaining a robust map of personal data and how data flows across their organisation and between third parties and their golden data sources. Ensuring robust data mapping is embedded within the business and maintained continuously is critical to assessing risk and compliance with data protection requirements. As the regulatory landscape evolves, organisations need an adaptable and scalable approach to data protection.”

BELGIUM

CMS Belgium

“Companies in Belgium must make further efforts to fully comprehend their data privacy and protection duties in the digital age. Despite notable advancements made in the past five years, particularly through the implementation of the EU’s General Data Protection Regulation (GDPR), there remains a noticeable disparity in the awareness and adherence to this regulation among many organisations. Significant data breaches continue to occur, indicating a lack of understanding and preparedness by Belgian companies. Many businesses collect and process personal data without fully comprehending their responsibilities and the potential risks involved.”

SWITZERLAND

Prager Dreifuss Ltd

“In the recent past, companies’ awareness of the relevance of data protection has grown steadily. In particular, the entry into force of the General Data Protection Regulation (GDPR) was a boost for the relevance of data protection topics. Initially, this could be seen primarily in internationally active companies directly affected by GDPR, due to them being active in the European Union (EU) and the European Economic Area (EEA). Since then, the feeling of urgency has spread to companies affected less directly by the GDPR. Indeed, businesses handling sensitive categories of personal data are increasingly aware of the challenges they encounter in terms of data protection.”

PEOPLE'S REPUBLIC OF CHINA

East & Concord Partners

“The promulgation and implementation of the Cybersecurity Law of the People’s Republic of China (CSL), the Data Security Law of the People’s Republic of China (DSL), and the Personal Information Protection Law of the People’s Republic of China (PIPL), along with subsequent regulations and standards, have significantly strengthened China’s data protection and privacy legal framework. A regulatory structure, coordinated by the Cyberspace Administration of China (CAC) and involving multiple relevant authorities, has been established, leading to intensified regulatory activities.”

AUSTRALIA

Hogan Lovells

“Due to the evolving digital landscape and a greater volume of personal information being collected by companies, there is an increased need for companies to focus on their data privacy and protection obligations. Recent data breaches have demonstrated that companies’ compliance with the Privacy Act 1988 requires improvement. In our experience, the most common privacy breaches relate to inadequate notices being provided to individuals, failure to obtain valid consent from individuals, misuse of sensitive personal information, failure to adequately secure and protect personal information from misuse or unauthorised use – including offshore storage of data – and failure to implement or comply with requisite data retention laws.”

SOUTH AFRICA

CMS RM Partners Inc

“Larger organisations, as well as multinationals, operating in South Africa generally have dedicated legal and compliance teams and are well resourced to effectively manage the data privacy and protection landscape. These organisations tend to have sophisticated and well-developed data privacy compliance programmes. Many smaller organisations and some medium-sized organisations may not necessarily be as well resourced. Consequently, while these organisations may have data privacy compliance programmes in place, there may be areas in which such programmes could be improved.”

KENYA

CMS-Daly Inamdar Advocates LLP

“A cursory glance at the registration portal of the Office of the Data Protection Commissioner (ODPC) shows that the number of companies registered at present is no more than 7000. The registry of active companies shows many more registered companies compared to those registered as data controllers and data processors. With registration being the first step toward data protection compliance, the number of companies registered for compliance is a clear indication that more companies need to focus on understanding the need to comply with the data protection laws in Kenya.”

MAURITIUS

Juristconsult Chambers

“To a large extent, companies in Mauritius are aware of the Data Protection Act 2017 (DPA) which governs data protection, and which came into operation on 15 January 2018. They are also aware that they have obligations imposed by the DPA when they act as controllers or processors and that those individuals whose data they are processing have rights guaranteed by the DPA. However, there is work to be done before companies in Mauritius become fully compliant with the DPA. Companies must become more conscious of their duty of accountability to those data subjects whose data they are processing.”

CONTRIBUTORS

Arochi & Lindner

CMS Belgium

CMS RM Partners Inc

CMS-Daly Inamdar Advocates LLP

East & Concord Partners

FTI Consulting LLP

Hogan Lovells

Juristconsult Chambers

Prager Dreifuss Ltd

WilmerHale