ANNUAL REVIEW

Data Protection & Privacy Laws 2019

December 2019  |  DATA PRIVACY

financierworldwide.com

Click cover to download

(Subscriber-only password access)

 

Not a subscriber?

Click here to join the FREE mailing list and receive password access

Data protection is one of the most important issues of our time. There is a burgeoning understanding, among the general public, across business and throughout the world, of the importance of data and the consequences of a breach. The financial and reputational damage suffered by companies that fall short can be significant, particularly since implementation of new legislation such as the European Union’s General Data Protection Regulation (GDPR).

 

UNITED STATES

Jessica N. Cohen

Skadden, Arps, Slate, Meagher & Flom LLP

“Given the rapidly changing privacy landscape in the US, it can be challenging for companies to feel that they fully understand all of their duties, particularly under new legislation for which compliance norms have not yet been established. That said, larger companies that have dedicated privacy personnel who are able to focus on these matters daily are aware of the requirements, particularly in regulated industries. Smaller companies that have fewer resources to devote to monitoring changing requirements may have a harder time keeping up.”

 

CANADA

David Krebs

Miller Thomson LLP

“I believe that some companies do understand their duty while others are quite unaware of their obligations and the potential risk of exposure they have. For example, the Office of the Privacy Commissioner of Canada (OPC) just released a report summarising the changes in breach reporting since mandatory reporting was implemented in November 2018. The OPC found that the majority of reports relate to unauthorised access. Now, some of this was access by outside bad actors but a large portion of it was access from within, such as employees with improper data access permissions looking at what they were not supposed to be looking at.”

 

UNITED KINGDOM

Tim Hickman

White & Case

“The degree to which different businesses understand their data confidentiality and data protection obligations varies significantly. In part, this is a result of sectoral differences – businesses that have historically experienced high volumes of complaints from individuals regarding the processing of personal data, such as technology companies, healthcare providers, and so on, generally have a deeper understanding of these issues simply because they have been forced to grapple with them more frequently.”

 

GERMANY

Kathrin Schürmann

Schürmann Rosenthal Dreyer

“Much has changed in recent years in terms of understanding and appreciating data protection, both among companies and individuals. A driving factor in this change was undoubtedly the implementation of the General Data Protection Regulation (GDPR) in May 2018, which forced companies to become more aware of their own data processing practices and their implications. However, this process is still relatively new and will require constant maintenance and further development, particularly for data-driven business models.”

 

ITALY

Giangiacomo Olivi

Dentons

“Based on our professional experience, companies’ awareness of confidentiality and data protection has significantly evolved in recent years. The European Union (EU) General Data Protection Regulation (GDPR) has had a fundamental role in strengthening companies’ data protection culture and in granting a higher level of attention to personal data processing. That said, the path of growth in the field of privacy is at an early stage and data protection provisions are still evolving. In this context, the role of legal advisers is essential to further raise awareness and help companies to fully understand their confidentiality and data protection duties.”

 

INDIA

Aprajita Rana

AZB & Partners

“Companies are becoming increasingly aware of their duties of confidentiality and data protection, though awareness varies across sectors and businesses. Sectors such as banking, telecommunications, the cloud and e-commerce have witnessed data-focused regulatory intervention and are therefore more aware. The emergence of the General Data Protection Regulation (GDPR) has also contributed to this awareness, as Indian companies that are part of multinational groups or are driven toward EU businesses have been evaluating their data protection frameworks to make them GDPR compliant.”

 

CHINA

Harrison Jia

DeHeng Law Offices

“The introduction of the Cyber Security Law of the People’s Republic of China (CSL) has enabled a considerable number of companies to deepen their understanding of the duties of confidentiality and data protection. Companies have begun to develop internal training programmes and upgrade their privacy policies. A few companies have also developed or updated safety management systems and operating procedures. However, there are still some challenges around implementation of evolving privacy laws. Firstly, among the companies which have taken cyber security measures, few have introduced data compliance reviews or consulted third-party professionals on data compliance issues.”

 

INDONESIA

Benny Bernarto

TNB & Partners in association with Norton Rose Fulbright Australia

“Indonesia has yet to enact a single principal data protection law. Rather, elements of data protection rules are spread across various regulations governing individual sectors, such as financial services, health and life sciences, or are included in the Indonesia Electronic Information and Transaction (EIT) law. Highly regulated sectors, such as financial services, have heightened awareness of the role and importance of data protection, as have multinational corporations with businesses based in Indonesia that are very likely subject to, among other things, the European Union’s (EU’s) General Data Protection Regulation (GDPR), among others.”

 

ISRAEL

Haim Ravia

Pearl Cohen Zedek Latzer Baratz

“Media and industry coverage of two pieces of legislation that took effect in May 2018 have raised awareness of data protection issues among Israeli companies. The first, the Protection of Privacy Regulations (Data Security), set out detailed and prescriptive information security requirements for all companies processing personal data. Although the Israeli privacy regulator is currently experiencing organisational instability, the effect of the new regulations has not subsided. The second piece of legislation is the EU General Data Protection Regulation (GDPR), the extraterritorial reach of which affects many Israeli companies.”

CONTRIBUTORS

AZB & Partners

DeHeng Law Offices

Dentons

Miller Thomson LLP

Pearl Cohen Zedek Latzer Baratz

Schürmann Rosenthal Dreyer

Skadden, Arps, Slate, Meagher & Flom LLP

TNB & Partners in association with Norton Rose Fulbright Australia

White & Case

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.