My organisation processes data of data subjects who live in various countries around the world. Am I right in thinking that the Data Protection legislation of each country will apply and be different? E.G data subjects in Sri Lanka will be subject to Sri Lankan legislation, Indian data subjects Indian legislation, Nigerian data subjects Nigerian legislation will apply. My organisation therefore need to be up to speed with all legislation where we have data subjects. Correct?
HellenB
Yes – you need to consider yourself as being in a multi-regulatory framework, i.e. you are expected to fulfil the full terms of your domestic legislation for your business operations but you also need to take into account international legislation for those data subjects not resident in the country where your organisation is domiciled.
A key example of this is electronic communications regulations where some EU countries have stricter rules than others which you must take into account.
Egil Bergenlind
Hi there!
Yes, generally you need to analyse data protection laws in countries where data subjects whose data you process reside, since the laws exist to protect these individuals they will often apply regardless of your own location.