Ringing in Data Privacy Day Around the World

JANUARY 28TH, 2020

Every New Year’s Eve, the clock counts down to the New Year around the globe, with celebrations starting in major cities such as Auckland and Wellington, New Zealand, and concluding in Honolulu, Hawaii in the United States.

As with New Year’s Eve celebrations, Arcserve would like to take a moment to honor another special day with worldwide implications: Data Privacy Day.

Observed on January 28, 2020, this year’s Data Privacy Day is significant as many countries around the world implemented privacy laws whose impact reaches far beyond their borders.

The scoop on global data privacy regulations

Let’s take a look at some data privacy laws around the world. While some are more familiar than others, it’s imperative that organizations are aware of these laws and how the regulations potentially influence business operations.

New Zealand Privacy Bill – Privacy laws aren’t new in New Zealand. The New Zealand Privacy Bill that went into effect in July 2019 replaced the country’s 25-year-old Privacy Act.

With technology advancements and new dangers threatening personal information, New Zealand’s Privacy Bill gives more power to privacy commissioners but doesn’t regulate overseas businesses who gather information on New Zealanders.

Obligations range from data breach notifications to cross-border data flow protections. This bill makes non-compliance a criminal offense with individuals being subject to fines.

India Personal Data Protection Bill – With the second largest population in the world, it’s highly likely that your organization will be affected by the forthcoming India Personal Data Protection Bill, which applies to public and private organizations that conduct business in India, offer goods and services to data principles (also generally referred to as data subjects) in India, conduct activities such as profiling of data subjects within the territory of India.

Get familiar with this controversial bill - critics call out its shortcomings such as allowing the processing of personal data in the interests of the security of the state. Civil and criminal penalties are steep, with fines up to fifteen crore rupees (approximately $2.2 million USD) or four percent of the company’s total gross revenue from the last financial year, whichever is higher.

General Data Protection Regulation (GDPR) – The European Union’s massive privacy law can be considered “the granddaddy of all data protection laws,” but no matter how you look at it, GDPR is being used as a basis for privacy regulations around the world.

With new definitions and roles to protect the individual, GDPR is the most stringent and farthest-reaching data privacy law in the world. And non-compliance fines are unprecedented, hitting organizations hard where it counts with penalties as much as 4% of a company’s revenue.

Brazilian General Data Protection Law (LGDP) – If your organization is complying with GDPR guidelines, chances are you are already in compliance with Brazil’s LGDP laws as well. Modeled after GDPR, LGDP replaces and enhances 40 national laws around data privacy that sometimes are in conflict with each other. Personal data definitions are similar to GDPR and the regulation applies to companies that offer services to the Brazilian market and collect and process the personal data of data subjects located in Brazil.

Heavy financial penalties are associated with LGDP, including daily fines that can be imposed to further pressure companies to move toward compliance.

California Consumer Privacy Act (CCPA) – Local governments are getting into the data privacy law game. In the U.S., states from California to New York are enacting their own regulations to protect citizens. Specifically in California, the CCPA may be loosely based on GDPR, but the focus of the citizens’ rights is related to the sale of personal data as opposed to the collection and processing of data as with GDPR.

CCPA applies to companies processing personal information of California citizens with an annual revenue greater than or equal to $25 million, or companies that obtain information of 50,000 or more California residents/households or devices annually. The CCPA definition of personal information is broad and its scope could affect every global midsize to enterprise business, so awareness of this law is critical for organizations to ensure they don’t incur the penalties and sanctions of non-compliance.

For a more in-depth look at global data privacy regulations, check out this Privacy Laws from Around the World infographic.

Three ways data protection impacts regulatory compliance

The globalization of business introduces new and complex compliance requirements that if not upheld, threaten organizations with costly fines, litigation, and loss of credibility.

To meet the unique challenges that come with global regulatory compliance, organizations require a data protection solution that goes beyond backup/disaster recovery to offer powerful, compliance-driven technology, such as:

  • Role-based access control
  • Multi-tier encryption
  • Dedicated role for the Data Protection Officer (DPO) to manage the GDPR process

And, if cloud is part of your data protection strategy, your organization will need to ensure its backup provider has data centers located in the countries designated by Article 45(1) of the GDPR and is part of the EU-US Privacy Shield Framework.

To that end, we recommend the following reasons why organizations must focus on data protection as a means to meet the evolving regulatory laws around the world:

  1. Eradicate the ransomware menace – According to Cybersecurity Ventures, cyber-attacks have become one of the largest business risks and serve as the most menacing threat to IT organizations. With data loss and downtime comes the risk of regulatory non-compliance. Go beyond reactive security approaches and secure your backups from any threat with the only market solution to assure businesses a ransomware-free future: Arcserve Appliances Secured by Sophos. 
  1. Eliminate security gaps with a single solution - Consider the different tiers of systems/applications and discrete products and vendors an IT team must juggle. In the modern IT infrastructure, a wide variety of systems, applications and data with different service level agreements (SLAs) require different levels of application availability (ranging from real-time replication to long-term retention).IT teams must manage multiple backup solutions and vendors, most likely as part of a decentralized backup operation that was pieced together in patchwork fashion as vendors were added one-by-one at different intervals, with 56% of businesses using two or more backup solutions. By implementing an all-in-one data protection solution, organizations not only reduce IT complexity, they can also close security gaps and vulnerabilities that are ripe for attackers to take advantage of.
  1. Save money on data protection costs and potential regulatory fines - Today’s competitive business climate often requires IT staffs to address the escalating costs of data protection efforts. Hardware sprawl, higher storage costs, data growth, and increasing backup times often make a holistic business continuity plan unattainable. Streamlining IT operations with a single application and data protection solution that unifies all business continuity efforts across your entire organization dramatically lowers your total cost of ownership (TCO). An all-in-one solution that manages compliance risk offers cost savings on data protection and enables organizations to comply with data privacy laws that could impact the bottom line should fines be levied.
Join the Data Privacy Day Celebration

Join the Data Privacy Day Celebration on Twitter by following @Arcserve and using #PrivacyAware.

Arcserve is proud to serve as a Data Privacy Day Champion, “dedicated to empowering individuals and encouraging businesses to respect privacy, safeguard data and enable trust.”

Learn more about how Arcserve data protection solutions safeguard priceless business data and enable organizations to manage compliance risk.