As more policies and laws revolve around data protection, business intelligence departments are required to comply. Especially for transnational firms, researching the legal requirements of each country of operation is quite a cumbersome process.
This post aims to provide you with the information needed to work hand in hand with the PDPA and optimize your business processes.
For this post, we will be focusing on the regulatory privacy systems in Singapore, Japan, the US, and the EU. These are areas in which we want to launch Sapiengraph, which we will share more about later. Malaysia and Indonesia (locations where Sapiengraph will launch) are changing their privacy regulations, so we will omit these countries from this discussion at present. For the USA, we will be focusing on the state of California, which has passed the CCPA (California Consumer Privacy Act). The CCPA is more in-depth than the privacy regulations in other states.

Similarities amongst all Regulatory Privacy Systems
All regulatory privacy systems have a similar purpose in mind: to safeguard against the excessive discovery of personal data. Most, if not all, regulatory systems protect the individual’s right to privacy and advocate for accuracy of information obtained by businesses and organizations.
Therefore, it is unsurprising that businesses:
- Require the consent of the individual before collecting, using, and disclosing data
- Need to respect the individual’s decision to withdraw consent
- Notify the individual of the purposes and extent of the use of their data
- Allow individuals to correct their data
- Should delete the individual’s data once it has served its purpose as stated
The only exceptions, in which the privacy regulations do not apply, are:
- Matters in which personal health and safety are concerned.
- Matters in which personal data is necessary between parties (in terms of legal, transactional issues).