How international data protection laws cross over

International data protection laws cross over in a number of ways. For example, many countries have laws that require companies to obtain consent from individuals before collecting or processing their personal data. Other countries have laws that restrict the transfer of personal data to other countries.

In this blog, Clive Mackintosh, Founder of GDPR Rep, experts in GDPR Representative services explores how international data protection laws cross over, including some common examples to be aware of if you are trading internationally.

Ways international data protection laws cross over

Adequacy decisions

The European Union (EU) has adequacy decisions in place with a number of countries, which means that the EU considers the data protection laws in those countries to be adequate. This means that companies can transfer personal data from the EU to those countries without having to implement any additional safeguards.

International agreements

A number of countries have entered into international agreements on data protection. For example, the Council of Europe Convention on Data Protection is an international treaty that sets out a number of principles for the protection of personal data.

Codes of conduct

Some industries have developed codes of conduct that set out standards for data protection. For example, the Asia Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) is a voluntary code of conduct that companies can sign up to in order to demonstrate their commitment to data protection.

Companies that operate internationally need to be aware of the different data protection laws that apply in the countries where they do business. They need to take steps to comply with all applicable laws, including obtaining consent from individuals before collecting or processing their personal data, and implementing appropriate security measures to protect personal data.

Here are some examples of how international data protection laws can cross over in practice:

• A company in the EU that has a website that is accessible to people around the world will need to comply with the EU's General Data Protection Regulation (GDPR) for all personal data that it collects from EU residents. This includes obtaining consent from individuals before collecting or processing their personal data, and providing individuals with access to their personal data and the right to have it erased.
• A company in the US that has a website that is accessible to people around the world may need to comply with the GDPR if it collects personal data from EU residents. This is because the GDPR applies to any organisation that processes the personal data of EU residents, regardless of where the organisation is located.
• A company in the US that transfers personal data to the EU will need to comply with the GDPR. This is because the GDPR restricts the transfer of personal data to countries that do not have adequate data protection laws in place.

Companies that operate internationally need to be aware of the different data protection laws that apply in the countries where they do business and take steps to comply with all applicable laws.

GDPR Rep is on a mission to help every business achieve and maintain GPDR representation. If you are looking into how your organisation can fulfil its requirements why not schedule a no-commitment call with a GDPR representative expert today, or get a quote to understand how our value pricing makes compliance simple.