International Privacy Law

As businesses continue to make a global impact, it's important to get to know the laws of the land and understand how your data flows across international boundaries. Most countries have their own data protection laws that need to be adhered to, and many fall under the jurisdiction of more than one.


Here are a few of the international data privacy laws your compliance officer should be aware of.


The Americas


In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) covers the disclosure of personal information in the private sector.
Learn more about PIPEDA.

Federal Law on the Protection of Personal Data

Mexico's Federal Law on the Protection of Personal Data held by Private Properties 2010 regulates the processing of personal data for private enterprises.


As of August 2020, Brazil formally enacted its first general data protection law, Lei Geral de Proteção de Dado (LGPD). This comprehension data protection regulation applies to all businesses in Brazil and the data collection and use of Brazilian citizens and residents.


Europe and the UK


The General Data Protection Regulation (GDPR) extends to all businesses (including businesses that operate outside of Europe) that offer goods and services to European residents and collect personal data in the process.
Learn more about the GDPR.

Data Protection Act 2

France's Data Protection Act 2 (Law No. 2016-1321) supports the provisions of the GDPR.

Federal Data Protection Act 2017

Germany's Federal Bundesdatenschutzgesetz (BDSG) works alongside the GDPR to outline how data can be collected and processed.


The Federal Law on Data Protection (FLDP) and Data Protection Ordinance (DPO) are the data privacy laws of Switzerland.

Data Protection Act 2018

The Data Protection Act 2018 incorporates the EU GDPR and supplements its provisions in the United Kingdom. An amended version of this law came into effect on midnight of 31 December 2020.



Personal Information Security SpecificationThis is the data privacy law in China that relates to transparency, personal rights over data, and consent. In October 2020, China unveiled a draft of the Personal Information Protection Law (PIPL) for public consultation. This comprehensive data privacy legislation has yet to be passed into law.


Japan's Act on the Protection of Personal Information (APPI) applies to any company, whether in Japan or located outside Japanese borders, that offers goods and services in the country.


Tabled in December 2019, the Personal Data Protection Bill 2019 (PDPB) is based on the GDPR and grants Indian citizens certain data protection rights. The revised version of the law, the Personal Data Protection (PDP) legislation is expected to pass into law in early 2021. Currently, data privacy is covered by the Information Technology Act 2000.

The Russian Federal Law on Personal Data (No. 152-FZ)

The Federal Law on Personal Data 2006 (Act No. 152 FZ) relates to the collection and processing of customer data in Russia.


Africa and Australia

PoPIThe Protection of Personal Information (PoPI) Act 2013 is a data privacy law in South Africa that prescribes how customer data can be used for marketing purposes.

Australia's Privacy Act 1988

This is the key privacy law that governs both the public and private sectors in Australia.

New Zealand Privacy Act 1993

This is the key privacy law that governs both the public and private sectors in New Zealand.

How Hush-Hush can help with international privacy law compliance

Data travels further than you realize. International trade and industry relies on compliance in order to succeed. Implement data protection software from the start to control the flow of data in and out of your business, and ensure your compliance record remains spotless, no matter where your business takes you.

BuildNumber = dev_20210906.1