To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version of the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since its initial publication in order to keep pace with the constantly evolving landscape of global data privacy laws.
As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:
Countries continue moving toward the EU standard for data protection. New legislation outside of the EU often follows the EU’s lead by adopting provisions similar to those in the existing Directive 95/46/EC regulation. The slow global convergence toward the requirements outlined in the regulation continued through 2016. For example, Argentina and Japan strengthened pre-existing policies, while Nigeria passed its first comprehensive cybercrime legislation. Japan also established an independent regulatory body (“Privacy Protection Commission”) that oversees privacy issues—a requirement of both the current Directive and the superseding European General Data Protection Regulation (GDPR).
Businesses are moving toward personalization, which means they’ll increasingly collect personal data to get a better idea of what their customers want and need. In the age of the customer, defined by Forrester as a 20-year business cycle when successful enterprises will reinvent themselves as digital businesses in order to serve their increasingly powerful customers, protecting customer data is a critical aspect of fostering trust and building long-lasting relationships.
Regardless of location, all countries should have this goal in mind, but privacy regulations vary from country to country and often conflict with each other. For global organizations, navigating these laws can be daunting. To help businesses tackle this challenge, Forrester published its 2015 Data Privacy Heat Map. Originally created in 2010, the tool leverages in-depth analyses of the data privacy-related laws and cultures of 54 countries around the world, helping security leaders and decision-makers better design their own approaches to privacy and data protection.
As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:
New national omnibus data privacy laws spanning private and/or public industry. Data privacy regulation, when looked at globally, forms a spectrum of maturity beginning with spotty industry- or situation-specific laws and extending all the way to omnibus frameworks. As you might expect, responsible corporations prefer to engage in business practices where the data privacy laws are clearly defined and transparent. For instance, countries such as Brazil and China are in the process of moving towards potential omnibus laws which will replace a multitude of sectoral and situation-based laws. Other countries, such as Colombia and Singapore, have recently passed far-reaching omnibus laws, also replacing a patchwork of prior sectoral laws.