The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

COVID-19 Forcing Countries to Reshuffle Data Protection Regulations

by Chris Brook on Wednesday May 27, 2020

Contact Us
Free Demo
Chat

The COVID-19 pandemic has forced some countries to consider delaying data protection law implementation.

While it goes without saying that COVID-19 has upended how practically all of us go about our usual lives, it’s also forced governments to revise how and when it implements laws.

This has been the case in several circumstances for data protection regulations, laws that involve a great deal of planning, both on the part of businesses when it comes to meeting compliance, and for those in the government in charge of enforcing them.

The pandemic has forced countries like Brazil and Thailand in particular to reconsider how and when they roll out laws.

Last month, Brazil's Senate agreed to push back both the go-live date and enforcement date of the Lei Geral de Proteção de Dados Pessoais, or LGPD - its new data protection law, to 2021.

Upon reevaluation, the Senate, in a remote voting session last week, decided to reinstate the original time table, agreeing to set the LGPD into motion in August, later this summer, while sanctions for non-compliance will begin being enforced a year later, in August 2021.

The LGPD, which like many other pieces of data protection legislation of late, draws from the European Union’s General Data Protection Regulation, is slated to replace a slew of statutes already on the books in the country around how personal data is handled.

Even with the LGPD’s date change, businesses there are likely to deal with some confusion when it comes to complying with the law.

Rules around the LGPD aren’t set in stone yet and the outfit designated to enforce it, the National Data Protection Authority, hasn’t been set up yet either. Comprised of a board of directors, a national council, an inspection body, an ombudsman, and its own legal advisory body, the ANPD was a sticking point of the LGPD's creation.

Legislators in Thailand are also wrestling with whether or not to postpone its own data protection act.

For the time being, it seems as if the country is going to pause the roll out of its Personal Data Protection Act (PDPA) until May 2021, meaning all organizations would be exempt from complying until that date. A cabinet there said the delay would give more time to those in both the public and private sectors and help ease financial burdens caused by COVID-19.

The law, passed in 2019, was scheduled to come into effect last week.

According to the Bangkok Post, the PDPA mandates that data controllers and processors who use personal data must receive consent from the data's owners and use it only for expressed purposes. Other requirements of the PDPA - but not expected to be postponed - are the formation of the Office of Personal Data Protection Committee and the appointment of members to a Personal Data Protection Committee.

While many have speculated whether the California Consumer Protection Act, which is scheduled to be enforced on July 1, will be postponed, the state's AG has gone on record that he doesn't intend to delay the enforcement.

Tags: Data Protection

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.