Every Data Privacy Law in the World

Processing through the world’s data privacy regulations can be incredibly time-consuming, especially with so many countries, states and economic unions launching their own variations with different rights and protections for local consumers. To make it easier for business leaders to understand what’s in play and what’s still to come, we’ve compiled a list of every piece of legislation from around the world for your consideration. There are many, so we recommend using the search feature (typically CTRL+F for PC; COMMAND+F for Mac) to easily find the name of the most relevant data privacy legislation for a select location. The list is organized by continent and country, with callouts for more local laws and a separate section for regulations in progress but yet operational.

Almost every country already addresses data privacy in some form today. With all of Europe and nearly 50% of the United States specifically addressing and providing data protection rights, it won’t be long until this movement sweeps across the entire world and results in more dedicated privacy legislation. Check back here regularly to find new dedicated articles speaking to the provisions and rights outlined in each of these regulations.

In this guide:

Active Legislation

NORTH AMERICA

–United States–

• [Federal] Privacy Act of 1974
• [Federal] Health Insurance Portability and Accountability Act (HIPAA)
• [Federal] The Gramm Leach Bliley Act (GLBA) of 1998
• [Federal] Fair Credit Reporting Act (FCRA)
• [Federal] Family Educational Rights and Privacy Act (FERPA)
• Children’s Online Privacy Protection Act (COPPA)
• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• California Online Privacy Protection Act (CalOPPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act
• New York Information Security Breach and Notification Act
• Virginia Consumer Data Protection Act (VCDPA)

–Canada–

• [Federal] Personal Information Protection and Electronic Documents Act (PIPEDA)
• [Federal] Canada’s Anti-Spam Legislation (CASL)
• British Columbia Personal Information Protection Act (BC PIPA)
• Alberta Personal Information Protection Act (AB PIPA)
• Quebec Private Sector Act

–Mexico–

• The Federal Law on the Protection of Personal Data held by Private Parties
• The Regulations to the Federal Law on the Protection of Personal Data held by Private Parties
• The Privacy Notice Guidelines
• The Recommendations on Personal Data Security
• The Parameters for Self-Regulation regarding personal data
• The General Law for the Protection of Personal Data in Possession of Obligated Subjects

–Bahamas–

• Data Protection Act (DPA)

–Barbados–

• Data Protection Act

–British Virgin Islands–

• Data Protection Act

–Cayman Islands–

• The Data Protection Act (DPA)

–Dominican Republic–

• Dominican Constitution – Section 44
• Law No. 172-13 on the Protection of Personal Data (DPL)
• Law No. 53-07 on High Technology Crimes & Offenses

–Guatemala–

• Law on Access to Public Information

–Haiti–

• Order establishing the rules relating to the protection of personal data
• Haiti’s General Penal Code

–Honduras–

• National Constitution – Article 182
• Law of the Civil Registry
• Law for Transparency and for Access to Public Information
• Law for the Protection of Confidential Personal Data

–Panama–

• Law on Protection of Personal Data
• The Constitution and Criminal Code of Panama also provide some more minor rules around data protection

–Sint Maarten–

• National Ordinance on the Protection of Personal Data
• GDPR, by extension of the Netherlands

SOUTH AMERICA

–Argentina–

• Personal Data Protection Act

–Aruba–

• National Ordinance on Personal Registration

–Bermuda–

• Personal Information Protection Act (PIPA)

–Bolivia–

• Bill of Personal Data Protection
• Article No. 130 of the Political Constitution of the Plurinational State of Bolivia

–Bonaire, Sint Eustatius and Saba–

• Personal Data Protection Act BES
• GDPR, via extension from the Netherlands

–Brazil–

• General Data Protection Law (LGPD), which consolidated more than 40 different regulations previously in effect

–Chile–

• Constitution of the Republic of Chile – Article 19 No. 4
• Law No. 19,628 on the Protection of Private Life 1999 (DPL)
• Law No. 20,575/2012, which established the ‘purpose’ principle for processing personal data
• Law No. 20,584/2012 which established right and duties of individuals regarding healthcare

–Colombia–

• Constitution Articles 15 and 20 establishing the right to privacy and data rectification
• Law 1581 of 2012 regulating personal data processing and further defining special categories like sensitive data and data collected from minors
• Law 1266 of 2008 regulating the processing of data collected in Colombia or abroad

–Costa Rica–

• Law No. 8968, Protection of Persons Regarding the Processing of their Personal Data
• Law No. 7975, the Undisclosed Information Law

–Curacao–

• National Ordinance on the Protection of Personal Data
• GDPR, via extension from the Netherlands

–Ecuador–

• Constitution of Ecuador – Articles 66 and 92
• Organic Law on the Protection of Personal Data

–Nicaragua–

• Law No. 787 Personal Data Protection Law

–Paraguay–

• National Constitution – Article 135 on Habeas Data
• Criminal Code – Article 174
• Personal Credit Data Protection Law
• Law No. 1682 which regulates Private Information 2001

–Peru–

• Political Constitution of Peru – Article 2
• Personal Data Protection Law No. 29.733 (PDPL)
• Law No. 27.489 on private risk centers information owner protections, amended several times

–Trinidad and Tobago–

• The Data Protection Act 2011

–Uruguay–

• Law No. 18.331 on the Protection of Personal Data and the Habeas Data Action 2008

–Venezuela–

• Constitution of the Bolivarian Republic of Venezuela, establishing general principles for the protection of information

EUROPE

–Countries in the European Union (EU)–

• General Data Protection Regulation (GDPR)
• ePrivacy Directive (ePR)

–United Kingdom–

• UK Data Protection Act 2018, an adaptation of the general EU GDPR guidelines to operate as UK domestic law
• Privacy and Electronic Communications Regulations (PECR)

–Albania–

• Data Protection Law, which amends Law No. 9887 “On Protection of Personal Data”

–Austria–

• Data Protection Amendment Act 2018, which implemented GDPR
• Various Data Protection Adjustment Acts, which adjusted existing legislation to match language used in GDPR

–Belarus–

• Law on Personal Data Protection

–Belgium–

• Protection of Natural Persons with Regard to the Processing of Personal Data Act 2018 (Note: not an official translation)

–Bosnia and Herzegovina–

• Law on Protection of Personal Data

–Bulgaria–

• The Personal Data Protection Act

–Croatia–

• The Act on the Implementation of the General Data Protection Regulation (GDPR)

–Cyprus–

• The Protection of Physical Persons Against the Processing of Personal Data and Free Movement of such Data Law, implementing provisions of GDPR

–Czech Republic–

• Czech Act No. 110/2019 on personal data processing, which implements GDPR

–Denmark–

• The Danish Act on Data Protection, which implements GDPR

–Estonia–

• Personal Data Protection Act (PDPA)
• Personal Data Protection Implementation Act, which implements GDPR

–Finland–

• The Data Protection Act of Finland, which implemented GDPR
• Act on Electronic Communication Services
• Act on the Protection of Privacy in Working Life (Working Life Act)
• Act on the Processing of Personal Data in Criminal Cases and in connection with Maintaining National Security

–France–

• The Amendment Law, incorporating GDPR into the Act on Information Technology, Data Files and Civil Liberties

–Georgia–

• Law of Georgia on Personal Data Protection (PDP Law)

–Germany–

• Federal Data Protection Act, implementing GDPR
• German Telecommunications and Telemedia Data Protection Act (TTDSG)

–Guernsey–

• Data Protection Law (DPL 2017)

–Hungary–

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, which implemented GDPR

–Iceland–

• The Act on the Protection of Privacy as regards the Processing of Personal Data (DPA), implementing GDPR

–Ireland–

• Data Protection Act 2018

–Italy–

• Personal Data Protection Code, with provisions to include GDPR

–Kosovo–

• Law on Protection of Personal Data (LPPD)

–Latvia–

• Personal Data Processing Law, which replaced the Personal Data Protection Law and implemented GDPR in 2018

–Lithuania–

• The Law on Legal Protection of Personal Data, which implemented GDPR

–Luxembourg–

• The Laws of August 1, 2018 establishing the National Data Protection Commission (CNPD), the protection of individuals with regard to processing personal data, and the general data protection framework, thereby implementing GDPR
• The Law of July 17, 2020, which amended the legal framework for data processing due to the COVID-19 crisis

–Malta–

• Data Protection Act 2018, which implemented GDPR
• Processing of Personal Data (Education Sector) Regulations
• Processing of Data Concerning Health for Insurance Purposes Regulations

–Moldova–

• Constitution of the Republic of Moldova – Article 28
• Law No. 133 on Personal Data Protection, which will likely be updated soon to transpose the provisions of GDPR as Moldova is not an EU member country
• The Governmental Decision of 14 December 2010 No. 1123 on the Security of Personal Data within Automatic Databases, establishing breach notification requirements and sanctions
• The Governmental Decision of 15 May 2012 No. 296 regarding the register of evidence of the personal data controllers

–Monaco–

• The Monegasque Constitution – Article 22
• Data Protection Law No. 1.165
• Law No. 1.353
• Law No. 1.462 – The “Data Protection Law” (DPL)
• Law No. 1482 and 1483, which transposed provisions of GDPR into Monegasque law since Monaco is not part of the EU

–Montenegro–

• The Personal Data Protection Laws: Nos. 79/2008, 70/2009, 44/2012 and 22/2017

–Netherlands–

• The Dutch GDPR Implementation Act

–North Macedonia-

• Law on Personal Data Protection (DP Law), which aligns with GDPR

–Norway–

• Personal Data Act (PDA), which implements GDPR

–Poland–

• Personal Data Protection Act (PDPA), which implemented GDPR along with an accompanying amendments act
• Telecommunications Act of 2004
• Act on Providing Services by Electronic Means

–Portugal–

• Law No. 58/2019, implementing GDPR
• Law No. 59/2019, with provisions for personal data processing of criminal offenses and sanctions
• Law No. 41/2004, which applies data protection provisions to electronic communications

–Romania–

• Law No. 190/2018 on the protection of natural persons with regard to data processing and the free movement of this data

–Serbia–

• Data Protection Law (DPL), implementing GDPR

–Slovak Republic–

• Slovak Data Protection Act, implementing GDPR

–Slovenia–

• Slovenian Data Protection Act, implementing GDPR
• Slovenian Act on the Protection of Personal Data in Area of Treatment of Criminal Offences
• Electronic Communications Act
• Classified Information Act
• Minor Offences Act
• Patients’ Rights Act
• Mass Media Act
• Banking Act
• Law on Public Procurement
• Labour Relations Act

–Spain–

• Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD, which was refined to include provisions of GDPR

–Sweden–

• The Data Protection Act, which supplements GDPR
• Data Protection Ordinance
• The Whistleblowing Act, which implements the EU Whistleblowing Directive
• The Patient Data Act and Patient Data Ordinance
• The Electronic Communications Act and the Electronic Communications Ordinance

–Switzerland–

• Federal Act on Data Protection (FADP), with new revisions in effect as of September 1, 2023

–Turkey–

• Law on the Protection of Personal Data (LPPD)

–Ukraine–

• Law of Ukraine No. 2297 VI on personal data protection, which effectively complies with GDPR
• Law of Ukraine on amendments to certain laws of Ukraine regarding improvement of personal data protection system
• Additional Laws of Ukraine regulating data protection include:
  • “On information” No. 2657 XII
  • “On protection of information in the information and telecommunication systems” No. 80/94 VR
  • “On electronic commerce” No. 675-VIII

ASIA

–China–

• Personal Information Protection Law (PIPL)
• The Cybersecurity Law
• The Data Security Law
• The Civil Code of the People’s Republic of China
• Hong Kong Personal Data Privacy Ordinance (PDPO)

–Armenia–

• Personal Data Protection Law

–Azerbaijan–

• Law on Personal Information

–Bahrain–

• Personal Data Protection Law (PDPL)

–Bangladesh–

• Digital Security Act 2018 (DSA 2018)

–India–

• Digital Personal Data Protection Bill 2023 (PDPB)
• Indian Constitution – Article 21

–Indonesia–

• Law No. 27 of 2022 concerning Personal Data Protection (PDP Law)

–Israel–

• The Protection of Privacy Law, 1981 (“Privacy Law”)
• Protection of Privacy Regulations (“Data Security Regulations”)
• The Protection of Privacy Regulations, 2001 (Transfer of Information to Databases outside the State’s Boundaries, or “Transfer Regulations”)

–Japan–

• Act on the Protection of Personal Information (APPI): Passed in 2003 and amended in 2022

–Kazakhstan–

• Law No. 94-V on personal data and its protection
• The Law of Informatisation
• The Law on Communication
• The Labour Code of Kazakhstan

–Kuwait–

• Data Protection Regulation

–Kyrgyzstan–

• The Constitution of the Kyrgyz Republic
• Law of the Kyrgyz Republic on Personal Data No. 58

–Laos–

• Law on Electronic Transactions 2012, and the following Instructions on the Implementation of the Law on Electronic Data Protection 2018
• Law on Cyber Crime 2012, and the following Instructions on the Implementation of the Law on Cyber Crime 2018
• Law on Electronic Data Protection

–Lebanon–

• Law No. 81/2018 on Electronic Transactions and Personal Data

–Macau–

• Personal Data Protection Law No. 8/2005

–Mongolia–

• Law of Mongolia on Personal Data Protection

–Myanmar–

• Electronic Transactions Law
• Financial Institutions Law 2016
• Telecommunications Law 2013
• Law Relating to Private Health Care Services 2007

–Nepal–

• Individual Privacy Regulation 2020
• Individual Privacy Act 2018

–Oman–

• Personal Data Protection Law (PDPL)

–Pakistan–

• Prevention of Electronic Crime Act 2016 (PECA)

–Philippines–

• Data Privacy Act of 2012 (DPA)

–Qatar–

• Qatari Law No. 13 of 2016 Concerning Personal Data Protection (“The Data Protection Law” or Personal Data Privacy Protection Law)
• Note: Qatar Financial Centre operates under different laws from that of the State of Qatar
  • QFC Data Protection Regulations (DPL)
  • Data Protection Rules 2005 (DPR)

–Russia–

• Russian Constitution
• Ratified the Strasbourg Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data
• Data Protection Act No. 152
• The Information, Information Technologies and Information Protection Act No. 149
• Russian Labour Code, protecting employees’ personal data

–Saudi Arabia–

• Personal Data Protection Law (PDPL)
• Personal Data Protection Interim Regulations (PDPIR)

–Singapore–

• Personal Data Protection Act 2012 (PDPA)

–South Korea–

• Personal Information Protection Act (PIPA)

–Taiwan–

• Personal Data Protection Act (PDPA) and the corresponding Enforcement Rules of the Personal Data Protection Act

–Tajikstan–

• Constitution of the Republic of Tajikistan – Article 23
• Personal Data Protection Law
• The Civil Code
• The Information Law
• The Informatization Law

–Thailand–

• Personal Data Protection Act (PDPA)

–Turkmenistan–

• Law of Turkmenistan No. 519-V on information about protection of private life

–United Arab Emirates (UAE)–

• Personal Data Protection Law, Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data
• The Federal Law No. 15 of 2020 on Consumer Protection
• Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology (ICT) in Health Fields
• Federal Decree Law No. 34 of 2021 on Combatting Rumours and Cybercrimes
• Telecommunications and Digital Government Regulatory Authority (TDRA)Internet Access Management (IAM) policy
• [Abu Dhabi Global Market] ADGM Data Protection Regulations
• [Dubai] Dubai International Financial Centre (DIFC) Data Protection Law (Law No. 5 of 2020)
• [Dubai Healthcare City] DHCC Health Data Protection Regulation No. 7 of 2013

–Uganda–

• Constitution of the Republic of Ugana – Article 27
• Data Protection and Privacy Act 2019 and 2021

–Uzbekistan–

• Constitution of the Republic of Uzbekistan
• Law of the Republic of Uzbekistan “On Personal Data”
• Law No. 439-II “On Principles and Guarantees of Freedom of Information”
• Law No. 560-II “On Informatization”

–Vietnam–

• Law No. 24/2018/QH14 on Cybersecurity
• Law No. 86/2015/QH13 on Network Information Security
• Law No. 59/2010/QH12 on Protection of Consumers’ Rights
• Law No. 67/2006/QH11 on Information Technology
• Law No. 51/2005/QH11 on E-transactions
• Labour Code 2019

OCEANIA

–Australia–

• Australian Privacy Act 1988: Revisions coming soon
• [Australian Capital Territory] Information Privacy Act 2014
• [Northern Territory] Information Act 2012
• [New South Wales] Privacy and Personal Information Protection Act
• [Queensland] Information Privacy Act 2009
• [Tasmania] Personal Information Protection Act 2004
• [Victoria] Privacy and Data Protection Act 2014
• The Telecommunications Act 1997
• The Health Records and Information Privacy Act 2002
• The Health Records Act 2001
• The Workplace Surveillance Act

–Fiji–

• Fiji Constitution – Clause 24

–New Zealand–

• Privacy Act 2020 and its Information Privacy Principles (IPPs)

AFRICA

–Algeria–

• Law No. 18-07 on the “protection of natural persons in personal data processing”

–Angola–

• The Data Protection Law (No. 22/11)
• The Electronic Communications and Information Society Services Law (No. 23/11)
• The Protection of Information Systems and Networks Law (No. 7/17)

–Benin–

• The Law on the Digital Code
• The Law on the Protection of Personally Identifiable Information

–Botswana–

• Data Protection Act, 2018

–Burkina Faso–

• Law No. 001-2021 to protect persons regarding personal data
• Law No. 010-2004/AN establishing the right to privacy and confidentiality of correspondence

–Cape Verde–

• Data Protection Law (Law 133/V/2001, amended by Law 41/VIII/2013 and Law 121/IX/2021)

–Chad–

• Act No. 007/PR/2015 on personal data protection
• Act No. 008/PR/2015 on electronic transactions
• Act No. 009/PR/2015 on cybersecurity and the fight against cybercrime

–Democratic Republic of Congo–

• Law No. 20/017 on telecommunications, information and communication technology, which covers the protection of personal data

–Egypt–

• Egypt’s Personal Data Protection Law (Law No. 151 of 2020)

–Equatorial Guinea–

• Personal Data Protection Law

–Ethiopia–

• Ethiopia has no singular personal data collection and processing law but does have a patchwork of different laws to require personal data be used lawfully and with due care, including:
  • Freedom of the Mass Media and Access to Information Proclamation
  • Consumers Rights and Protection Directive
  • Computer Crime Proclamation
  • Electronic Transaction Proclamation
  • Electronic Signature Proclamation

–Gabon–

• The Protection of Personal Data (“The Law” No. 001/2011)
• Electronic Communications in Gabon (Law No. 26/2018)
• The Regulation of Cybersecurity and the Fight Against Cybercrime (Order No. 15-PR-2018)

–Ghana–

• Data Protection Act, 2012
• Electronic Communications Act, 2008
• Electronic Communications Regulations, 2011
• Public Health Act, 2012
• Children’s Act, 1998
• Credit Reporting Regulations, 2020

–Gibraltar–

• Data Protection Act, revised to supplement GDPR

–Greece–

• Greek Law 4624/2019 on the Hellenic Data Protection Authority, which contains supplementary rules for GDPR

–Guinea–

• Law on Cybersecurity and Personal Data Protection in the Republic of Guinea

–Ivory Coast–

• Protection of Personal Data (Law No. 2013-450)

–Kenya–

• Data Protection Act No. 24 of 2019
• Multiple Data Protection Regulations to implement Kenya’s Data Protection Act

–Lesotho–

• The Constitution of the Kingdom of Lesotho, which establishes protections for the right to privacy
• Data Protection Act 2013

–Liberia–

• The Liberian Constitution – Article 16 establishes the right to privacy

–Libya–

• The Constitution (2011) – Articles 12 and 13 establish the right to a private life but there is no specific data protection law

–Madagascar–

• The Data Protection Law (Law No. 2014-038)

–Malawi–

• Partial Protection via the Electronic Transactions and Cybersecurity Act No. 33 of 2016 

–Malaysia–

• Personal Data Protection Act 2010 (PDPA)

–Mali–

• The Constitution of Mali: Grants the right to privacy, which Law No. 2013/015 applies to personal data processing

–Mauritius–

• Data Protection Act 2017, replacing the Data Protection Act 2004 and aligning regulations with the EU GDPR

–Morocco–

• The Data Protection Law (Law No. 09-08 paired with the Implementation Decree No. 2-09-165)

–Namibia–

• Namibian Constitution – Article 13, generally establishing the right to privacy

–Niger–

• Niger Constitution – Articles 27 and 29
• The Data Protection Act, 2023
• Law No. 2017-28 and amendment Law No. 2019-71, establishing the High authority for the protection of personal data (HAPDP)

–Nigeria–

• Nigeria Data Protection Regulation (NDPR)
• Credit Reporting Act 2017
• Consumer Protection Framework 2016
• The Cybercrimes (Prohibition, Prevention Etc) Act 2015
• National Health (NH) Act 2014
• Nigerian Communications Commission Regulation 2011
• Freedom of Information Act 2011 (FOI Act)
• Consumer Code of Practice Regulations 2007
• The National Identity Management Commission (NIMC) Act 2007
• Child’s Right Act, 2003

–Rwanda–

• Law No. 58/2021 relating to the protection of personal data and privacy (The Data Protection Law)
• The Information and Communication Technology Law (The ICT Law)
• The Prevention and Punishment of Cyber-Crimes Law (The Cyber Crime Law)

–Senegal–

• Data Protection Act, 2008 (Act No. 2008-12) and its corresponding “implementing decree” (Decree No. 2008-721)
• Act No. 2008-08 on electronic transactions
• Act Nos. 2016-29 and 10-2021 amending the criminal code

–South Africa–

• Protection of Personal Information Act (POPI Act)

–Togo (Togolese Republic)–

• Law No. 2019-014 Relating to the Protection of Personal Data

–Tunisia–

• Law No. 2004-63 on the Protection of Personal Data

–Uganda–

• Data Protection and Privacy Act 2019

–Zambia–

• Data Protection Act No. 3 of 2021 (DPA)

–Zimbabwe–

• Data Protection Act, initially established under the Postal and Telecommunications Act enabling the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) to enforce
• Access to Information and Protection of Privacy Act
• Consumer Protection Act
• Interception of Communications Act
• Communication Technology Policy

Coming Soon + In Progress

–Unites States–

• Utah Consumer Privacy Act (UCPA): Coming December 31, 2023
• Delaware Personal Data Privacy act: Coming January 1, 2024
• Texas Data Privacy and Security Act (TDPSA): Coming July 1, 2024
• Montana Consumer Data Privacy Act (MCDPA): Coming October 1, 2024
• Iowa Consumer Data Protection Act (ICDPA): Coming January 1, 2025
• Tennessee Information Protection Act (TIPA): Coming July 1, 2025
• Indiana Consumer Data Protection Act (ICDPA): Coming January 1, 2026
• California Delete Act: Passed the legislature and is awaiting the Governor’s signature, at which point brokers would have to register with the CPPA in 2024 and comply with a universal consumer deletion mechanism by 2026
• Other states with data privacy bills in progress: Kentucky, Maine, Maryland, Michigan, Minnesota, Mississippi, New Jersey, New York, Nevada, Oklahoma, Oregon, Washington, and Vermont

–Around the World–

• EU Data Act
• Albania: Amendments coming to the Data Protection Law “On Protection of Personal Data” to more closely align it with the EU’s GDPR
• Australian Privacy Act: Revisions to the 1988 act estimated to come in Q4 2023
• Bosnia and Herzegovina: Draft Data Protection Law, expected to be adopted sometime in 2023-24
• Canada: Multiple new bills are in consideration to update and replace sections of PIPEDA, which is currently active
  • Consumer Privacy Protection Act (CPPA)
  • Bill C-27: The Digital Charter Implementation Act
  • Personal Information and Data Protection Tribunal Act (PIDPTA)
  • Artificial Intelligence and Data Act (AIDA)
• Costa Rica: Congress discussing a bill amending current Laws
• Democratic Republic of Congo: In the process of ratifying two bills on cybersecurity and personal data protections
• El Salvador: Personal Data Protection Act is in progress, but has been at an impasse between Congress and the President for a few years
• Jordan: Currently circulating a draft of the Data Protection Law, which will be in effect 6 months after Parliament’s approval (still yet to come)
• Monaco: Additional laws incorporating EU GDPR standards are expected in the near future
• Namibia: Currently drafting a Data Protection Policy to explicitly cover data processing and misuse of personal data
• Netherlands: The Data Protection Collection Act is a proposal in progress that would affect the existing GDPR Implementation Act
• Nigeria: The Federal Data Protection Bill and various local state bills regulating data retention, transfers and breaches are in progress
• Pakistan: A draft is in progress of a new Personal Data Protection Bill (PDPB) which has been introduced but not yet approved
• Philippines: Three bills are currently in the House of Representatives and Senate of the Philippines, all of which would amend the existing DPA but do not yet have a time frame for consideration
• Poland: Working on the Electronic Communications bill, which would replace the existing Telecommunications Act and the Act on Providing Services by Electronic Means if it passes in parliament
• Seychelles: The Data Protection Act created in 2003 still has not yet come into operation, but could theoretically at any time in the near future
• Sri Lanka: The Personal Data Protection Bill passed in March 2022, and will become functional within 18-36 months after this time
• Tanzania: The Personal Data Protection Act (DPA) has passed, but is not yet operational as a date has not yet been set for communication to the public
• Tunisia: a new draft of the personal data protection bill is in progress to align with EU GDPR, but has not yet been passed
• Ukraine: New draft of the Law On Personal Data Protection is with parliament for review
• Vietnam: Currently reviewing a draft of a Personal Data Protection decree to consolidate all of the many different laws, decrees and circulars mentioning data privacy

How Privacy Bee Helps

In today’s digital landscape, protecting personal customer data and educating internal users about data usage is mandatory for businesses selling services online in many of the areas listed above. More locations around the world are rolling out new regulations every day, and these laws are mandating stricter opt in/opt out policies, giving consumers the right to review and delete their personal data, and generally increasing data protection accountability for organizations.

Yet despite all of these regulations, the responsibility falls on the individual to monitor, review and request removal of their personal data wherever it exists online. Across an entire organization, it’s effectively impossible to do this for every employee on your own. But identifying and removing this information significantly deters cybercriminals by decreasing your attack service and mitigating the risk of a data breach. Privacy Bee takes this time-consuming monitoring and deletion process and makes it easy for business leaders to take control of employee personal data in a more efficient and meaningful way across the entire team and beyond.

While Privacy Bee is actively reducing the spread of your organization’s personal information—which of course extends to customers as well—across the vast expanse of the internet, our services also cover vendors to ensure they aren’t a weak point in your security defenses. Even with strong cybersecurity measures in place, it’s essential to analyze all third party vendor security practices. If you already do a risk assessment and vendor surveys today, nice work! But the most likely way a vendor will get compromised is via poor data privacy management.

The Privacy Bee proactive approach fights back against the exploitation of your most sensitive data, fortifying your External Data Privacy on multiple fronts.

Data Brokers and People Search Sites have emerged as key players in the multi-billion-dollar surveillance industry, profiting from the sale of your organization’s information as they pass it on to unknown and uncontrollable entities. The ramifications of having private data exposed on the web are far-reaching, posing severe threats in the hands of malicious hackers. A single data breach can lead to a massive loss of productivity, expensive remediation efforts, repeat breach events (which plague the vast majority of businesses after just one initial breach), unraveling a series of events that not only hurts your bottom line in the short term, but destroys brand value and customer trust in the long term. That’s without even mentioning the knock on effects of an exposed organization, which can include high employee turnover due to poaching and a significant drop in productivity attributed to more sophisticated spam outreach.

Privacy Bee represents your best effort to fight back against threat actors outside of your organization’s walls. By locating all the corners of the internet where your data resides and swiftly removing it, Privacy Bee closes the data security gap. The service even includes dark web monitoring and data breach notification if another company is exploited and your information is exposed as a result.

Our commitment is rooted in the belief that privacy is a fundamental human right that transcends political debates and negotiations. It’s why Privacy Bee diligently monitors user data for security exposures while holding the surveillance industry accountable by compelling Data Brokers, People Search Sites, and more than 150,000 additional sites to erase your stored data and opt out of further data collection.

Privacy Bee’s protective umbrella extends over a wide range of potential threats, including:

• Data breaches
• Spam emails
• Telemarketing calls
• Cyberstalking
• Swatting
• Doxxing
• Blackmail
• Identity theft

If you’re a business leader committed to securing both employees and customers, Privacy Bee empowers you to take control of your organizations most vital employee and customer data. In this era where privacy is critical, Privacy Bee stands as your steadfast partner in the ongoing battle to preserve your personal and organizational integrity.