Comprehensive Global Overview of Data Privacy Laws

Table of Contents

This global landscape guide reflects the evolving legal frameworks designed to protect individual rights and ensure responsible data handling practices.

These laws vary significantly across jurisdictions, covering aspects such as data collection, processing, storage, and cross-border transfers. Key principles often include:

  • Individual Rights: Granting individuals control over their personal data, including the right to access, rectify, delete, and object to processing.
  • Accountability: Imposing obligations on organizations to be accountable for their data processing activities.
  • Data Security: Requiring organizations to implement appropriate security measures to protect personal data from unauthorized access, use, or disclosure.
  • Transparency: Mandating transparency regarding data collection, use, and sharing practices.

This evolving legal landscape presents both challenges and opportunities for businesses. Compliance with these diverse regulations requires careful planning and ongoing monitoring. However, it also fosters trust with consumers and can provide a competitive advantage for businesses that prioritize data privacy and security.

This table provides a snapshot of key data privacy laws around the world.

Please note: This list is not exhaustive, continues to evolve, and that we provide very in depth content pieces on different and may not include all regional or local regulations. Data privacy laws are complex and subject to change as they so often do.

For help with automating your data privacy requirements book a demo with a Captain Compliance Privacy Expert.

Comprehensive Global Overview of Data Privacy Laws

Country/Region Law Effective Date Scope Overview
๐Ÿ‡ฆ๐Ÿ‡ท Argentina Ley de Protecciรณn de Datos Personales October 2000 Argentina Protects personal data and establishes rights for individuals, such as access, rectification, and deletion.
๐Ÿ‡ฆ๐Ÿ‡บ Australia Privacy Act 1988 December 1988 (with amendments) Australia Governs the collection, use, and disclosure of personal information by Australian Government agencies and some private sector organizations.
๐Ÿ‡ฆ๐Ÿ‡น Austria Data Protection Act 2018 May 2018 Austria Implements the GDPR.
๐Ÿ‡ง๐Ÿ‡ช Belgium Law of 8 December 1992 on the protection of privacy with regard to the processing of personal data December 1992 Belgium Implements the GDPR.
๐Ÿ‡ง๐Ÿ‡ท Brazil General Data Protection Law (LGPD) August 2020 Brazil Comprehensive data protection law granting individuals broad rights and imposing strict obligations on organizations.
๐Ÿ‡ง๐Ÿ‡ฌ Bulgaria Personal Data Protection Act January 2002 Bulgaria Implements the GDPR.
๐Ÿ‡จ๐Ÿ‡ฆ Canada Personal Information Protection and Electronic Documents Act (PIPEDA) January 2004 Canada (with some provincial variations) Regulates the collection, use, and disclosure of personal information in the course of commercial activities.
๐Ÿ‡จ๐Ÿ‡ฑ Chile Law No. 19.628 on Protection of Personal Data March 1999 Chile Protects personal data and establishes rights for individuals, such as access, rectification, and deletion.
๐Ÿ‡จ๐Ÿ‡ณ China Cybersecurity Law June 2017 China Focuses on cybersecurity and data security, including provisions related to data localization and cross-border data transfers. Personal Information Protection Law (PIPL)
๐Ÿ‡จ๐Ÿ‡ด Colombia Law 1581 of 2012 October 2012 Colombia Protects personal data and establishes rights for individuals, such as access, rectification, and deletion.
๐Ÿ‡จ๐Ÿ‡ท Costa Rica Law No. 8968 March 2011 Costa Rica Protects personal data and establishes rights for individuals, such as access, rectification, and deletion.
๐Ÿ‡จ๐Ÿ‡ฟ Czech Republic Act No. 101/2000 Coll. on the Protection of Personal Data July 2000 Czech Republic Implements the GDPR.
๐Ÿ‡ฉ๐Ÿ‡ฐ Denmark Act on the Processing of Personal Data May 2018 Denmark Implements the GDPR.
๐Ÿ‡ช๐Ÿ‡ช Estonia Personal Data Protection Act 2001 Estonia Implements the GDPR.
๐Ÿ‡ช๐Ÿ‡บ European Union General Data Protection Regulation (GDPR) May 2018 European Union Comprehensive data protection regulation that provides individuals with greater control over their personal data and imposes strict obligations on organizations that1 process personal data.
๐Ÿ‡ซ๐Ÿ‡ฎ Finland Personal Data Act 1999 Finland Implements the GDPR.
๐Ÿ‡ซ๐Ÿ‡ท France Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Liberties (“Informatique et Libertรฉs”) January 1978 France One of the first data protection laws in the world.
๐Ÿ‡ฉ๐Ÿ‡ช Germany Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) January 2009 Germany Implements the GDPR.
๐Ÿ‡ฌ๐Ÿ‡ท Greece Law 2472/1997 on the Protection of the Individual and the Processing of Personal Data July 1997 Greece Implements the GDPR.
๐Ÿ‡ญ๐Ÿ‡บ Hungary Act on the Protection of Personal Data and the Freedom of Information 1992 Hungary Implements the GDPR.
๐Ÿ‡ฎ๐Ÿ‡ธ Iceland Act No. 77/2000 on the Protection of Personal Data June 2000 Iceland Implements the GDPR.
๐Ÿ‡ฎ๐Ÿ‡ณ India Information Technology Act (IT Act) 2000 2000 (with amendments) India Includes provisions for data protection, cybersecurity, and e-commerce, with amendments addressing emerging technologies.
๐Ÿ‡ฎ๐Ÿ‡ฉ Indonesia Law Number 27 of 2022 on Personal Data Protection November 2022 Indonesia Comprehensive data protection law that regulates the processing of personal data.
๐Ÿ‡ฎ๐Ÿ‡ช Ireland Data Protection Acts 1988 and 2018 1988 (with amendments) Ireland Implements the GDPR.
๐Ÿ‡ฎ๐Ÿ‡น Italy Legislative Decree No. 196/2003 June 2003 Italy Implements the GDPR.
๐Ÿ‡ฏ๐Ÿ‡ต Japan Act on the Protection of Personal Information April 2003 Japan Regulates the handling of personal information by businesses and government agencies, emphasizing accountability and transparency.
๐Ÿ‡ฐ๐Ÿ‡ท South Korea Personal Information Protection Act August 2011 South Korea Regulates the collection, use, disclosure, and transfer of personal information, with a focus on protecting individuals’ rights and promoting data security.
๐Ÿ‡ฑ๐Ÿ‡ป Latvia Personal Data Protection Law 1997 Latvia Implements the GDPR.
๐Ÿ‡ฑ๐Ÿ‡น Lithuania Law on the Legal Protection of Personal Data 1996 Lithuania Implements the GDPR.
๐Ÿ‡ฑ๐Ÿ‡บ Luxembourg Law of 2 August 2002 on the Protection of Individuals with Regard to the Processing of Personal Data August 2002 Luxembourg Implements the GDPR.
๐Ÿ‡ฒ๐Ÿ‡น Malta Data Protection Act 2001 Malta Implements the GDPR.
๐Ÿ‡ฒ๐Ÿ‡ฝ Mexico Federal Law on the Protection of Personal Data Held by Private Parties July 2010 Mexico Protects personal data and establishes rights for individuals, such as access, rectification, and deletion.
๐Ÿ‡ณ๐Ÿ‡ฑ Netherlands Personal Data Protection Act 1992 Netherlands Implements the GDPR.
๐Ÿ‡ณ๐Ÿ‡ฟ New Zealand Privacy Act 1993 December 1993 New Zealand Governs the collection, use, and disclosure of personal information by organizations.
๐Ÿ‡ณ๐Ÿ‡ด Norway Personal Data Act 2000 Norway Implements the GDPR.
๐Ÿ‡ต๐Ÿ‡ฑ Poland Act of 29 August 1997 on the Protection of Personal Data August 1997 Poland Implements the GDPR.
๐Ÿ‡ต๐Ÿ‡น Portugal Law No. 67/98 of 26 October October 1998 Portugal Implements the GDPR.
๐Ÿ‡ท๐Ÿ‡ด Romania Law no. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data December 2001 Romania Implements the GDPR.
๐Ÿ‡ท๐Ÿ‡บ Russia Federal Law on Personal Data July 2006 Russia Regulates the processing of personal data within Russia.
๐Ÿ‡ธ๐Ÿ‡ฐ Slovakia Act No. 122/2013 Coll. on the Protection of Personal Data January 2014 Slovakia Implements the GDPR.
๐Ÿ‡ธ๐Ÿ‡ฎ Slovenia Personal Data Protection Act 2001 Slovenia Implements the GDPR.
๐Ÿ‡ช๐Ÿ‡ธ Spain Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights December 2018 Spain Implements the GDPR.
๐Ÿ‡ธ๐Ÿ‡ช Sweden Personal Data Act 1998 Sweden Implements the GDPR.
๐Ÿ‡จ๐Ÿ‡ญ Switzerland Federal Act on Data Protection January 2000 Switzerland Provides a comprehensive framework for data protection in Switzerland.
๐Ÿ‡น๐Ÿ‡ท Turkey Law No. 6698 on the Protection of Personal Data April 2016 Turkey Regulates the processing of personal data and establishes rights for individuals.
๐Ÿ‡ฌ๐Ÿ‡ง United Kingdom Data Protection Act 2018 May 2018 United Kingdom Implements the GDPR with some minor differences to reflect the UK’s post-Brexit status.
๐Ÿ‡บ๐Ÿ‡ธ United States ย 20+ different State Laws

Written by:ย 

Richart Ruddie

Online Privacy Compliance Made Easy

Captain Compliance makes it easy to develop, oversee, and expand your privacy program. Book a demo or start a trial now.