Data Protection Laws

Per Jurisdiction

JURISDICTION

EUROPE

Country

EU

Law

The General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The European Data Protection Supervisor ("EDPS") is the European Union's (EU) data protection authority and monitors privacy within EU institutions and bodies. The European Data Protection Board ("EDPB") is an independent European body comprised of representatives of the national data protection authorities and the EDPS.

Country

Belgium

Law

Act of 3 December 2017 establishing the Data Protection Authority, Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data ("the Act"), and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Data Protection Authority ("Belgian DPA")

Country

Bulgaria

Law

The Protection of Personal Data Act 2002 (last amended in 2019) ("the Act") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Commission for Personal Data Protection ("CPDP")

Country

Czech Republic

Law

Act No. 110/2019 Coll. on Personal Data Processing ("the Act") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Office for Personal Data Protection ("UOOU")

Country

Italy

Law

Personal Data Protection Code, with Provisions to Adapt the National Legislation to the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") ("the Code") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Italian data protection authority ("Garante")

Country

France

Law

Act No.78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties (as amended to implement the GDPR) and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The French data protection authority ("CNIL")

Country

Germany

Law

Federal Data Protection Act of 30 June 2017 (implementing the GDPR) (as amended) ("the Act") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Federal Commissioner for Data Protection and Freedom of Information ("BfDI"). Please note that there are also regional laws and regulators.

Country

Greece

Law

Law 4624/2019 on the Personal Data Protection Authority, Implementing the General Data Protection Regulation (Regulation (EU) 2016/679) and Transposing into National Law the Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680) and Other Provisions ("the Law"), and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Hellenic Data Protection Authority ("HDPA")

Country

Luxembourg

Law

Act of 1 August 2018 on the Organisation of the National Commission for Data Protection and Implementing the GDPR ("the Act") and the General Data Protection Regulation (Regulation (EU) 2016/679)

Regulator

The National Commission for Data Protection ("CNPD")

Country

Poland

Law

Act of 10 May 2018 on the Protection of Personal Data ("the Act") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Polish data protection authority ("UODO")

Country

Portugal

Law

Law No. 58/2019, which Ensures the Implementation in the National Legal Order of the General Data Protection Regulation (Regulation (EU) 2016/679) on the Protection of Individuals with Regards the Processing of Personal Data and the Free Movement of Such Data ("the GDPR Implementation Law") and the General Data Protection Regulation (Regulation (EU) 2016/679)

Regulator

The Portuguese data protection authority ("CNPD")

Country

Romania

Law

Law No. 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679) ("the Law") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The National Supervisory Authority for Personal Data Processing ("ANSPDCP")

Country

Spain

Law

Organic Law 3/2018, of 5 December 2018, on the Protection of Personal Data and Guarantee of Digital Rights ("LOPDGDD") and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Spanish data protection authority ("AEPD")

Country

Sweden

Law

The primary pieces of legislation are the Act with Supplementary Provisions to the GDPR (SFS 2018:218), the Ordinance with Supplementary Provisions to the GDPR (SFS 2018:219) and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Swedish Authority for Privacy Protection ("IMY")

Country

Switzerland

Law

The Federal Act on Data Protection 2020 ("FADP")

Regulator

The Federal Data Protection and Information Commissioner ("FDPIC")

Country

The Netherlands

Law

The Act Implementing the GDPR ("the Act") and the General Data Protection Regulation (Regulation (EU) 2016/679)

Regulator

The Dutch data protection authority ("AP")

Country

United Kingdom

Law

The Data Protection Act 2018 ("the Act") and the UK General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")

Regulator

The Information Commissioner's Office ("ICO")

JURISDICTION

Asia-Pacific

Country

Australia

Law

Privacy Act 1988 (No. 119, 1988) (as amended) ("the Privacy Act")

Regulator

The Office of the Australian Information Commissioner ("OAIC")

Country

New Zealand

Law

Privacy Act 2020 ("the Act")

Regulator

The Office of the Privacy Commissioner of New Zealand ("OPC")

Country

Singapore

Law

Personal Data Protection Act 2012 (No. 26 of 2012) ("PDPA")

Regulator

The Personal Data Protection Commission ("PDPC")

JURISDICTION

Middle East

Country

United Arab Emirates

Law

Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ("the Law") and Data Protection Law DIFC Law No. 5 of 2020

Regulator

The UAE Data Office and DIFC Commissioner of Data Protection

JURISDICTION

Canada

Country

Canada Federal

Law

Personal Information Protection and Electronic Documents Act 2000 ("PIPEDA") and Personal Information Protection Act, SBC 2003 c 63 ("PIPA") (applicable only for British Columbia)

Regulator

The Office of the Privacy Commissioner of Canada ("OPC") and The Office of the Information and Privacy Commissioner for British Columbia ("OIPC") (applicable only for British Columbia)

JURISDICTION

Latin America

Country

Mexico

Law

Federal Law on the Protection of Personal Data Held by Private Parties ("FLPPDPP"), Regulations to the Federal Law on the Protection of Personal Data Held by Private Parties ("the Regulations")

Regulator

The National Institute for Access to Information and Protection of Personal Data ("INAI")

Country

Chile

Law

Law No. 19.628 on the Protection of Private Life 1999 ("the Law")

Regulator

Currently, oversight is carried out by the Chilean Transparency Council ("CPLT")

JURISDICTION

Africa

Country

South Africa

Law

Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA"), Commencement of Section 1, Part A of Chapter 5 and Sections 112 and 113 of POPIA (April 2014), and Regulations Relating to the Protection of Personal Information (2018) ("the Regulations")

Regulator

The Information Regulator ("the Regulator")