In this article, we shall discuss 5 Countries with GDPR-like data privacy laws. To read our detailed analysis of the economic implications of the GDPR and the advent of the European Union’s new digital strategy, go directly and see 18 Countries with GDPR-like Data Privacy Laws.
5. Thailand
Average Score: 7
The Thailand Personal Data Protection Act (PDPA) was enacted into law in February 2019 and drew immediate comparisons to the GDPR, largely due to its broad definition of what constitutes ‘personal data’, the requirement to establish a legal basis for data collection and use, extra territorial applicability, and potentially harsh penalties for non-compliance. Some critics argue that the penalties for non-compliance are even harsher than the GDPR, ensuring unconditional compliance with the PDPA by international companies.
4. United Kingdom
Average Score: 8
Post its exit from the European Union, the UK Government took special measures to transpose relevant protections from the GDPR into a new regime – the UK GDPR. In addition to its wide extraterritorial scope, the UK GDPR also retains nearly all of the material obligations which were binding under the EU GDPR. It is further supplemented by the the Data Protection Act of 2018.
3. Nigeria
Average Score: 9
The Nigeria Data Protection Regulation (NDPR) was passed in November 2020 as an effort to ratify and implement the Malabo Convention of 2014. According to the NDPR, any African signatory of the Convention are considered as having adequate data protection laws. The NDPR replicates much of the provisions within the GDPR, including but not limited to extraterritoriality, defines obligations of data controllers and processors, and sets standards for personal data transfers. It only differs in one fundamental aspect: the NDPR doesn’t specify a minimum or maximum fine but lists extenuating factors taken into account when determining the amount of the fine.
2. Brazil
Average Score: 9
One of the first data privacy protection laws to enter into effect after the GDPR, Brazil’s Lei Geral de Protecao de Dados (LGPD) was modelled after the GDPR in every meaningful way. From extraterritorial applicability and scope to provisions for data transfers outside Brazilian jurisdiction, the LGPD came into effect in September 2020. The only point of difference with the GDPR was relatively lenient penalties for noncompliance.
1. Canada
Average Score: 10
Canada’s Personal Information Protection and Electronic Documents Act 2018, which regulates data privacy in Canada at a federal level, is perhaps one of the closest legislations when compared to the EU GDPR. Keeping data privacy standards consistent the GDPR, PIPEDA’s data subjects also have access to request rights for sensitive personal information. Albeit in different ways, both legal regimes mandate privacy officers, legal bases for data processors, and data breaches to be promptly reported. Furthermore, PIPEDA also has extraterritorial applications, according to the Federal Court of Canada.
Insider Monkey focuses on uncovering the best investment ideas of hedge funds and insiders. Please subscribe to our daily free newsletter to get the latest investment ideas from hedge funds’ investor letters by entering your email address below. You can also take a peek at the 12 Most Conservative Tech Companies and Top 20 Most Popular Sandwiches in America.
