Free tools and resources for Data Protection Officers!

Data Protection And Privacy Laws Across The World

We have talked at length about GDPR implementation across the European Union  in our previous posts. However data protection and privacy has been acknowledged as a concern across the world. Implementation of GDPR like laws is not just a global trend but a requirement to ensure international trade and e-commerce. Data protection laws in different countries may be named differently and may have different levels of stringency, but the basic principles remain the same and can be summarized as follows.

  1. Purpose: Only necessary data may be collected with a stated purpose
  2. Confidentiality: Collected data should be treated as confidential and should not be disbursed to other parties without the consent of the individual
  3. Integrity:  Organizations should ensure that records are up-to-date and individuals may review this data to ensure accuracy
  4. Transmission: Collected data should not be transmitted to locations where similar data protection cannot be ensured.
  5. Storage:  Data should be deleted once it is no longer required.

Let us now look at the some of the data protection laws across countries in the six continents including examples of countries with both strict and lenient laws or no legislation in this area. 


There is a significant difference in how data privacy laws are enacted in the 48 countries that constitute Asia. According to Dr Clarisse Girot, this fragmentation is one of the ?biggest stumbling blocks to the development of digital economy and e-commerce? in the region.

Among Asian countries, South Korea has the most stringent regulation and enforcement of data protection laws. South Korea has had the Personal Information Protection Act since September 2011 which is on par with GDPR. Large countries like China and India do not have a single comprehensive data protection law but multiple individual laws which are related to privacy and data protection. Others like Sri Lanka, Myanmar and Thailand have no legislations at present.


Compliance with personal data protection legislation can have a significant impact on countries in Africa where businesses are expanding at a rapid pace. This paper from Deloitte provides an in-depth analysis of the African data protection regulations landscape. In South Africa The Protection of Personal Information Act 4 of 2013 (POPIA) has been enacted. Morocco and Tunisia are other countries which have a robust data protection laws. Some countries like Egypt and Nigeria are in the process of implementing these laws while others like Sudan and Congo have no relevant legislation.

North America

Among the two large North American countries, data privacy is not highly legislated or regulated in the United States. Although, a comprehensive data protection law does not exist, there is a patchwork of sector specific laws and state laws. On the other hand Canada has the strict Personal Information Protection and Electronic Documents Act (PIPEDA) 2000 at the national level which was amended in 2018. Several provinces are governed by additional acts for information protection. Legislation in other North American countries like Mexico and the Caribbean islands is moderate or non-existent.

South America

Argentina has the strongest data protection laws at present among the South American countries. It is governed by the Personal Data Protection Act 2000. Both Argentina and Brazil are in the process of implementing a new law which would be closely aligned with the GDPR. On the other hand Venezuela is one country which has no legislation planned with respect to information privacy.


While countries in the European Union are governed by the GDPR, other countries which are not a part of EU have heavy to robust legislation with respect to data privacy. Switzerland?s data protection law is currently being revised to align with GDPR. Russia has moderate legislation provided by numerous general and sector specific laws.

Australia & Oceania

Both Australia and New Zealand are governed by Strict privacy laws. Australia?s Privacy Act is the key privacy law in Australia and was recently amended in 2018. Similarly New Zealand is regulated by 12 information privacy principles as per its Privacy Act which is being replaced by the privacy bill 2018. Other countries like Fiji and the Solomon Islands do not have a notable data privacy law.


At oneDPO, we solve privacy engineering problems and help companies approach privacy the right way. Currently, we provide tools to help Data Protection Officers (DPOs) handle Data Subject Requests (DSARs) at scale.