Global Data Protection Enforcement Report
Nearly every company in the world is struggling to effectively manage the broad range of legal and operational risks associated with data. Data is everywhere, and everyone is working to avoid wrongful disclosures, theft of informational assets, and the losses related to the costly legal fallout. This is the result, in large part, of the heightened regulatory scrutiny and marketplace expectations facing multinationals linked electronically across country borders, and increasingly dependent on service providers for their core business functions. Under the European Union’s General Data Protection Regulation, for example, organizations now face fines of up to EUR 20,000,000 for major infringements (such as failure to comply with cross-border transfer rules or obtain adequate consents), or in the case of an undertaking, up to 4% of the worldwide annual turnover of the preceding financial year (whichever is higher).
Against this backdrop, Baker McKenzie is pleased to present the results of its Global Data Protection Enforcement Report. We set out to give legal and compliance risk managers an understanding of the data enforcement laws in place around the world in the hopes of better equipping them to make informed decisions about how to manage risks associated with data. To this end, we surveyed local counsel in 44 jurisdictions throughout the Americas, EMEA, and APAC, and asked them to describe the legal risks associated with violations of data protection laws, and summarize enforcement activities among local data protection authorities.
The findings of this Report further demonstrate how important it is to enhance compliance controls in large, multi-national corporations with the goal of reducing the risk of an enforcement action on foreign soil. These internal compliance controls include conducting Privacy Impact Assessments, preparing data flow maps as part of any new project involving cross-border data transfers, and creating a culture of awareness surrounding privacy, data security, and the wide spectrum of potentially applicable laws. We hope you find it useful within your organizations.