GDPR, CCPA and HIPAA all pose daunting privacy challenges for organizations. But, George Tziahanas (LinkedIn), Managing Director of Breakwater explains that there are many more national laws to consider. In this podcast he takes us through five countries with laws and regulations that global compliance and privacy teams needs to consider.
The People’s Republic of China
China’s law, he reports is very focused on the company’s national interest and a belief that preserving data, particularly critical data on firms and infrastructure, needs to stay in the country. The law affects whether data can be transferred outside China and under what circumstances. It also has limits on what information can shared with foreign law enforcement.
The US Cloud Act triggered concerns in many jurisdictions around the world. The French National Security Agency established a certification program that now requires French nationals to run cloud-based services in France and limits the ownership levels of foreigners. It affects broad sectors of the economy.
The largest economy in Europe is embarking on efforts similar to those in France, which is having the effect of creating digital borders in the EU. They have created a sovereign cloud, in partnership with the private sector, that affects government agencies, vital services and critical sectors of the economy.
The Kingdom of Saudi Arabia
Saudi Arabia has classified certain data as needing to stay within the country. This has led to partnerships with cloud vendors to bring their infrastructure into the country.
The UAE, he reports, has long had limits on encrypted voice channels and VOIP. To gain access to cloud technology they, too, are slated to introduce new data and cybersecurity rules that are anticipated to be similar to Saudi Arabia’s.
In sum, organizations are now increasingly facing a world in which data transfers will be more complex and where data is housed will be closely scrutinized and limited. Listen in.