Overlap between data protection laws | Global law

There are many data protection laws in the world. If you look at a map of them you’ll see that there are over 100 countries with data protection laws. Do you know which ones you need to comply with? What happens if you need to comply with many of them? What do you do if there is an overlap between data protection laws? What if you have complied with some laws already, but not with a new one? How do you go about streamlining your compliance efforts?

How do you manage the overlap between data protection laws?

These are all difficult questions and we don’t have all the answers, but the place to start is to do a comparison of the laws that affect you and work out what the similarities or differences are. This comparison can be done between two laws or many laws. If you compare the overlap between data protection laws in various countries you often find that they are about 80% the same – this is what we call global law. All the data protection laws around the world are really just flavours of the same thing.

You first need to know the difference between the laws

This doesn’t mean comparing a data protection law with another kind of law. For example, you can compare a data protection law with other legislation (like consumer protection laws or credit laws) and create a matrix of your responsibilities under these laws. Instead, here we’re talking about comparing two or more data protection laws with each other. For example, comparing the GDPR with the POPI Act. We can help with an overlap between data protection laws that affect you.

If the extra compliance requirement is from a local law

We can provide you with a report that sets out the extra compliance requirements from a local data protection law that applies in a specific country (for example the POPI Act) in addition to what the GDPR already requires of you. This report is for an organisation that is in the process of complying with (or complies with) the GDPR and also has to comply with an additional data protection law in another country. The report will help you to:

• implement a better programme to protect personal information or data,
• comply with both laws,
• avoid having to do things twice, and
• identify what extra you need to do to comply with the data protection law of a specific country.

If the extra compliance requirement is from the GDPR

We can provide you with a report that sets out the extra compliance requirements in the General Data Protection Regulation (GDPR) in addition to what a local data protection law (for example the POPI Act) that applies in a specific country (for example South Africa) already requires of you. This report is for an organisation that has complied with (or already complies with) a local data protection law and now also has to comply with the GDPR. The report will help you to:

• fit your local compliance effort in with your global data protection compliance programme,
• implement a better programme to protect personal information or data,
• comply with multiple data protection laws,
• comply with the GDPR in addition a local data protection law by just doing the extra that the GDPR requires of you, and
• avoid having to do things twice.