Blog

Under the EU Charter of Fundamental Rights, all member states were required to create a data protection authority. These agencies are tasked with protecting the rights of EU citizens' data in the member state. The French Data Protection Authority in France is the CNIL.

Across the world, businesses and individuals are now commonly aware of the GDPR. That is a legislative framework governing the collection and use of EU citizen personal data. What’s often less appreciated is the role individual member states play in data protection.

As the internet has become increasingly globalized, national authorities have taken steps to protect citizens' personal data. That comes after numerous major data breaches from transnational corporations, in addition to the secretive collection of personal data without regulatory oversight. In Singapore, the law on data protection is the PDPA.

The LGPD is the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais). It was passed into law by the National Congress of Brazil on 14 August 2018 and came into effect in September 2020.

While most people working in data protection have heard of the GDPR, the CCPA receives much less attention. Passed by the California State Legislature, the CCPA attempts to give consumers more control over their personal data.

When the GDPR came into full effect in May 2018, the United Kingdom (UK) was still a member state of the EU. Though negotiations for the UK's exit from the EU (Brexit) had been ongoing since the referendum in 2016, the UK remained obligated to comply with the GDPR.

Does the GDPR Apply to Companies Outside of the EU?

If you’re a business handling personal data, you’ll know: GDPR has changed everything. No longer can organizations freely collect data on people around the world. Now, no matter the organization location, they’re still expected to treat EU citizen personal data in accordance with the GDPR

GDPR is the farthest-reaching data protection legislation in the world. It governs the collection, storage, and destruction of personal data for all citizens of the EU. Nor are organizations located geographically outside the EU exempt. This overarching regulation covers any personal data from EU citizens.

Following years of data breaches and tech companies’ secretive use of personal data, the EU responded with the GDPR. It governs and regulates the collection and use of personal data for EU citizens. That doesn't just apply to companies based in the EU. It applies to any company to which EU citizens have access – even if the organization does not market to EU citizens directly.