The GDPR wasn’t an endgame, but a prophecy. Data protection legislation is on a growth trajectory across governments worldwide.
Some of the more outstanding recent examples:
Brazil’s Federal Senate gave unanimous final approval to their Data Protection Bill of Law, explicitly modeled on the GDPR. Like the latter, it requires that consent be “free, informed, and unequivocal”, stipulates that companies appoint data protection officers (DPOs), and mandates they deploy privacy by design. It’s intended to take effect 18 months after signature by Brazil’s president.
Draft data privacy legislation in Indonesia, proposed by their Ministry of Communication and Informatics, directly copies a surprising amount of the E.U.’s regulation.
Similarly, Hong Kong’s Personal Data Ordinance apes GDPR like purpose specification, data minimization, and informed consent.
Even within the E.U., there are national regulations which add complexities for marketers.
The new German Privacy Act (BDSG-new) complements, specifies and modifies the GDPR by providing rules for specific topics such as data processing in the context of employment, the designation of a company DPO, scoring and credit checks, and profiling.
As of mid-2018, the White House National Economic Council was exploring what types of regulations could be implemented in the United States to prevent the next Cambridge Analytica scandal.
The California Consumer Privacy Act of 2018 (CCPA) grants consumers the right to know if their data is being processed, and to restrict its usage without losing access to the relevant digital services, though companies can offer different services or rates to consumers based on the amount of data they provide.
And other U.S. statesmay well pursue installing their own regulations.
Check out Crownpeak's Digital Governance solution to help you manage data responsibility, yet still deliver your users a great customer experience.