This global landscape guide reflects the evolving legal frameworks designed to protect individual rights and ensure responsible data handling practices.
These laws vary significantly across jurisdictions, covering aspects such as data collection, processing, storage, and cross-border transfers. Key principles often include:
- Individual Rights: Granting individuals control over their personal data, including the right to access, rectify, delete, and object to processing.
- Accountability: Imposing obligations on organizations to be accountable for their data processing activities.
- Data Security: Requiring organizations to implement appropriate security measures to protect personal data from unauthorized access, use, or disclosure.
- Transparency: Mandating transparency regarding data collection, use, and sharing practices.
This evolving legal landscape presents both challenges and opportunities for businesses. Compliance with these diverse regulations requires careful planning and ongoing monitoring. However, it also fosters trust with consumers and can provide a competitive advantage for businesses that prioritize data privacy and security.
This table provides a snapshot of key data privacy laws around the world.
Please note: This list is not exhaustive, continues to evolve, and that we provide very in depth content pieces on different and may not include all regional or local regulations. Data privacy laws are complex and subject to change as they so often do.
For help with automating your data privacy requirements book a demo with a Captain Compliance Privacy Expert.
Comprehensive Global Overview of Data Privacy Laws
Country/Region | Law | Effective Date | Scope | Overview |
---|---|---|---|---|
๐ฆ๐ท Argentina | Ley de Protecciรณn de Datos Personales | October 2000 | Argentina | Protects personal data and establishes rights for individuals, such as access, rectification, and deletion. |
๐ฆ๐บ Australia | Privacy Act 1988 | December 1988 (with amendments) | Australia | Governs the collection, use, and disclosure of personal information by Australian Government agencies and some private sector organizations. |
๐ฆ๐น Austria | Data Protection Act 2018 | May 2018 | Austria | Implements the GDPR. |
๐ง๐ช Belgium | Law of 8 December 1992 on the protection of privacy with regard to the processing of personal data | December 1992 | Belgium | Implements the GDPR. |
๐ง๐ท Brazil | General Data Protection Law (LGPD) | August 2020 | Brazil | Comprehensive data protection law granting individuals broad rights and imposing strict obligations on organizations. |
๐ง๐ฌ Bulgaria | Personal Data Protection Act | January 2002 | Bulgaria | Implements the GDPR. |
๐จ๐ฆ Canada | Personal Information Protection and Electronic Documents Act (PIPEDA) | January 2004 | Canada (with some provincial variations) | Regulates the collection, use, and disclosure of personal information in the course of commercial activities. |
๐จ๐ฑ Chile | Law No. 19.628 on Protection of Personal Data | March 1999 | Chile | Protects personal data and establishes rights for individuals, such as access, rectification, and deletion. |
๐จ๐ณ China | Cybersecurity Law | June 2017 | China | Focuses on cybersecurity and data security, including provisions related to data localization and cross-border data transfers. Personal Information Protection Law (PIPL) |
๐จ๐ด Colombia | Law 1581 of 2012 | October 2012 | Colombia | Protects personal data and establishes rights for individuals, such as access, rectification, and deletion. |
๐จ๐ท Costa Rica | Law No. 8968 | March 2011 | Costa Rica | Protects personal data and establishes rights for individuals, such as access, rectification, and deletion. |
๐จ๐ฟ Czech Republic | Act No. 101/2000 Coll. on the Protection of Personal Data | July 2000 | Czech Republic | Implements the GDPR. |
๐ฉ๐ฐ Denmark | Act on the Processing of Personal Data | May 2018 | Denmark | Implements the GDPR. |
๐ช๐ช Estonia | Personal Data Protection Act | 2001 | Estonia | Implements the GDPR. |
๐ช๐บ European Union | General Data Protection Regulation (GDPR) | May 2018 | European Union | Comprehensive data protection regulation that provides individuals with greater control over their personal data and imposes strict obligations on organizations that1 process personal data. |
๐ซ๐ฎ Finland | Personal Data Act | 1999 | Finland | Implements the GDPR. |
๐ซ๐ท France | Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Liberties (“Informatique et Libertรฉs”) | January 1978 | France | One of the first data protection laws in the world. |
๐ฉ๐ช Germany | Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) | January 2009 | Germany | Implements the GDPR. |
๐ฌ๐ท Greece | Law 2472/1997 on the Protection of the Individual and the Processing of Personal Data | July 1997 | Greece | Implements the GDPR. |
๐ญ๐บ Hungary | Act on the Protection of Personal Data and the Freedom of Information | 1992 | Hungary | Implements the GDPR. |
๐ฎ๐ธ Iceland | Act No. 77/2000 on the Protection of Personal Data | June 2000 | Iceland | Implements the GDPR. |
๐ฎ๐ณ India | Information Technology Act (IT Act) 2000 | 2000 (with amendments) | India | Includes provisions for data protection, cybersecurity, and e-commerce, with amendments addressing emerging technologies. |
๐ฎ๐ฉ Indonesia | Law Number 27 of 2022 on Personal Data Protection | November 2022 | Indonesia | Comprehensive data protection law that regulates the processing of personal data. |
๐ฎ๐ช Ireland | Data Protection Acts 1988 and 2018 | 1988 (with amendments) | Ireland | Implements the GDPR. |
๐ฎ๐น Italy | Legislative Decree No. 196/2003 | June 2003 | Italy | Implements the GDPR. |
๐ฏ๐ต Japan | Act on the Protection of Personal Information | April 2003 | Japan | Regulates the handling of personal information by businesses and government agencies, emphasizing accountability and transparency. |
๐ฐ๐ท South Korea | Personal Information Protection Act | August 2011 | South Korea | Regulates the collection, use, disclosure, and transfer of personal information, with a focus on protecting individuals’ rights and promoting data security. |
๐ฑ๐ป Latvia | Personal Data Protection Law | 1997 | Latvia | Implements the GDPR. |
๐ฑ๐น Lithuania | Law on the Legal Protection of Personal Data | 1996 | Lithuania | Implements the GDPR. |
๐ฑ๐บ Luxembourg | Law of 2 August 2002 on the Protection of Individuals with Regard to the Processing of Personal Data | August 2002 | Luxembourg | Implements the GDPR. |
๐ฒ๐น Malta | Data Protection Act | 2001 | Malta | Implements the GDPR. |
๐ฒ๐ฝ Mexico | Federal Law on the Protection of Personal Data Held by Private Parties | July 2010 | Mexico | Protects personal data and establishes rights for individuals, such as access, rectification, and deletion. |
๐ณ๐ฑ Netherlands | Personal Data Protection Act | 1992 | Netherlands | Implements the GDPR. |
๐ณ๐ฟ New Zealand | Privacy Act 1993 | December 1993 | New Zealand | Governs the collection, use, and disclosure of personal information by organizations. |
๐ณ๐ด Norway | Personal Data Act | 2000 | Norway | Implements the GDPR. |
๐ต๐ฑ Poland | Act of 29 August 1997 on the Protection of Personal Data | August 1997 | Poland | Implements the GDPR. |
๐ต๐น Portugal | Law No. 67/98 of 26 October | October 1998 | Portugal | Implements the GDPR. |
๐ท๐ด Romania | Law no. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data | December 2001 | Romania | Implements the GDPR. |
๐ท๐บ Russia | Federal Law on Personal Data | July 2006 | Russia | Regulates the processing of personal data within Russia. |
๐ธ๐ฐ Slovakia | Act No. 122/2013 Coll. on the Protection of Personal Data | January 2014 | Slovakia | Implements the GDPR. |
๐ธ๐ฎ Slovenia | Personal Data Protection Act | 2001 | Slovenia | Implements the GDPR. |
๐ช๐ธ Spain | Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights | December 2018 | Spain | Implements the GDPR. |
๐ธ๐ช Sweden | Personal Data Act | 1998 | Sweden | Implements the GDPR. |
๐จ๐ญ Switzerland | Federal Act on Data Protection | January 2000 | Switzerland | Provides a comprehensive framework for data protection in Switzerland. |
๐น๐ท Turkey | Law No. 6698 on the Protection of Personal Data | April 2016 | Turkey | Regulates the processing of personal data and establishes rights for individuals. |
๐ฌ๐ง United Kingdom | Data Protection Act 2018 | May 2018 | United Kingdom | Implements the GDPR with some minor differences to reflect the UK’s post-Brexit status. |
๐บ๐ธ United States | ย 20+ different State Laws |