International Data Privacy Laws

Global data protection regulations and privacy standards worldwide

Global Data Privacy Protection & Regulations

Data privacy is a fundamental human right recognized worldwide. From Europe's groundbreaking GDPR to comprehensive laws in Asia, Africa, and the Americas, countries around the globe are establishing strong protections for personal data. This page provides links to major international privacy laws and regulations.

Last updated: March 21, 2026

144+
Countries with Privacy Laws
6
Major Global Regions
6.6B+
People Protected Globally
๐Ÿ‡ช๐Ÿ‡บ

GDPR: General Data Protection Regulation

The world's strongest and most influential privacy law

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive privacy law that came into effect on May 25, 2018, across all EU member states. It sets the gold standard for data protection and has influenced privacy legislation worldwide.

๐Ÿ›ก๏ธ

Strong Consumer Rights

Access, rectification, erasure, portability, and right to object

โš–๏ธ

Heavy Penalties

Up to โ‚ฌ20 million or 4% of global annual revenue, whichever is higher

๐ŸŒ

Extraterritorial Reach

Applies to any organization processing EU residents' data

๐Ÿ“‹

Accountability

Data Protection Impact Assessments (DPIAs) and mandatory breach notification

Official GDPR Portal โ†’ GDPR Full Text โ†’ EU Commission โ†’

International Standards & Technical Implementation

Engineering clinical data pipelines for global interoperability and multi-jurisdictional compliance.

GDPR (EU/UK)

The Technical Challenge: Right to be Forgotten & Portability

GDPR is the gold standard for privacy. For health-tech, the biggest hurdle is ensuring "Special Category Data" (Health Data) is treated with enhanced protections.

  • Art. 17 (Right to Erasure): Technical workflows for purging records across distributed systems.
  • Art. 20 (Data Portability): Leveraging FHIR to meet machine-readable export requirements.
  • Standard Contractual Clauses (SCCs): Managing technical controls for EU-to-US transfers.
Consultant Note: I architect "Zero-Trust" ingestion layers that apply GDPR-level pseudonymization at the edge, ensuring sensitive EU data is scrubbed before it reaches your US-based analytical stores.

Global Interoperability Frameworks

IPS (International Patient Summary)

The IPS is a specialized FHIR Implementation Guide designed for cross-border care. It is essential for apps serving international travelers or global workforces.

  • Validating IPS terminology sets (SNOMED CT, LOINC).
  • Mapping regional datasets to the IPS core library.
Consultant Note: Drawing on my experience with HL7 and FHIR at Providence and Opala, I ensure your international summaries are 100% compliant with global terminology server requirements.

European Privacy Laws

Country-by-country data protection regulations across Europe

๐Ÿ‡ช๐Ÿ‡บ European Union Member States

All 27 EU member states are bound by GDPR, with additional national implementations:

๐Ÿ‡ช๐Ÿ‡บ All EU Member States (27 Countries)

GDPR
General Data Protection Regulation (GDPR)

Effective: May 25, 2018

Applies to: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden

View GDPR Portal โ†’

๐Ÿ‡ฌ๐Ÿ‡ง United Kingdom

UK GDPR
UK General Data Protection Regulation (UK GDPR)

Effective: January 1, 2021 (Post-Brexit)

The UK's version of GDPR after Brexit, substantially similar to EU GDPR with some UK-specific modifications.

View ICO GDPR Guide โ†’
Data Protection Act 2018

Effective: May 25, 2018

UK's implementation of GDPR, supplementing and tailoring UK GDPR provisions.

View DPA 2018 โ†’

๐Ÿ‡จ๐Ÿ‡ญ Switzerland

Enacted
Federal Act on Data Protection (FADP/revDSG)

Effective: September 1, 2023

Revised Swiss data protection law, aligned with GDPR standards while maintaining Swiss sovereignty.

View Swiss FADP โ†’

๐Ÿ‡ณ๐Ÿ‡ด Norway

GDPR (EEA)
GDPR via EEA Agreement

Effective: May 25, 2018

Norway adopted GDPR through the European Economic Area (EEA) agreement, with national implementation.

View Norwegian DPA โ†’

๐Ÿ‡ฎ๐Ÿ‡ธ Iceland

GDPR (EEA)
GDPR via EEA Agreement

Effective: May 25, 2018

Iceland implemented GDPR through the EEA agreement with national data protection authority.

View Icelandic DPA โ†’

๐Ÿ‡ฑ๐Ÿ‡ฎ Liechtenstein

GDPR (EEA)
GDPR via EEA Agreement

Effective: May 25, 2018

Liechtenstein applies GDPR through its EEA membership.

View Liechtenstein DPA โ†’

๐ŸŒŽ Americas

๐Ÿ‡จ๐Ÿ‡ฆ Canada

Enacted
Personal Information Protection and Electronic Documents Act (PIPEDA)

Effective: January 1, 2001 (Amendments ongoing)

Federal law governing private sector organizations' collection, use, and disclosure of personal information.

View PIPEDA โ†’
Quebec Law 25 (Bill 64)

Effective: September 22, 2023 (Phased)

Quebec's comprehensive privacy modernization, considered Canada's GDPR-equivalent.

View Quebec Law 25 โ†’

๐Ÿ‡ง๐Ÿ‡ท Brazil

Enacted
Lei Geral de Proteรงรฃo de Dados (LGPD)

Effective: September 18, 2020

Comprehensive data protection law modeled after GDPR, covering all personal data processing in Brazil.

View ANPD (Brazilian DPA) โ†’ LGPD English Guide โ†’

๐Ÿ‡ฆ๐Ÿ‡ท Argentina

Enacted
Personal Data Protection Act (PDPA) - Law 25.326

Effective: November 2, 2000

Recognized by EU as providing adequate protection for data transfers from Europe.

View Argentine DPA โ†’

๐Ÿ‡ฒ๐Ÿ‡ฝ Mexico

Enacted
Federal Law on Protection of Personal Data (LFPDPPP)

Effective: July 6, 2010

Comprehensive privacy law for private sector data processing in Mexico.

View INAI (Mexican DPA) โ†’

๐Ÿ‡จ๐Ÿ‡ฑ Chile

Enacted
Law on Protection of Privacy (Law 19.628)

Effective: August 28, 1999 (Amendments ongoing)

Chilean data protection law with ongoing modernization efforts.

View Chilean Law โ†’

๐Ÿ‡จ๐Ÿ‡ด Colombia

Enacted
Law 1581 on Personal Data Protection

Effective: October 17, 2012

Comprehensive data protection law governing personal data processing in Colombia.

View Colombian Superintendence โ†’

๐ŸŒ Asia-Pacific

๐Ÿ‡ฏ๐Ÿ‡ต Japan

Enacted
Act on the Protection of Personal Information (APPI)

Effective: May 30, 2005 (Amended 2022)

Japan's comprehensive privacy law, recognized by EU for adequacy. 2022 amendments strengthen protection.

View PPC (Japanese DPA) โ†’

๐Ÿ‡ฐ๐Ÿ‡ท South Korea

Enacted
Personal Information Protection Act (PIPA)

Effective: September 30, 2011 (Amended 2020)

Comprehensive data protection law with strong enforcement and data breach notification requirements.

View PIPC (Korean DPA) โ†’

๐Ÿ‡จ๐Ÿ‡ณ China

Enacted
Personal Information Protection Law (PIPL)

Effective: November 1, 2021

China's comprehensive privacy law, modeled partially on GDPR with Chinese characteristics.

View CAC (Chinese Authority) โ†’

๐Ÿ‡ธ๐Ÿ‡ฌ Singapore

Enacted
Personal Data Protection Act (PDPA)

Effective: July 2, 2014 (Amended 2021)

Comprehensive data protection law governing private sector, with mandatory breach notification.

View PDPC (Singapore) โ†’

๐Ÿ‡ฆ๐Ÿ‡บ Australia

Enacted
Privacy Act 1988

Effective: December 21, 1988 (Amended 2022)

Federal privacy law with 13 Australian Privacy Principles (APPs) and mandatory data breach notification.

View OAIC (Australian IC) โ†’

๐Ÿ‡ณ๐Ÿ‡ฟ New Zealand

Enacted
Privacy Act 2020

Effective: December 1, 2020

Modernized privacy law with 13 privacy principles and mandatory breach notification.

View NZ Privacy Commissioner โ†’

๐Ÿ‡ฎ๐Ÿ‡ณ India

Enacted
Digital Personal Data Protection Act (DPDPA)

Enacted August 11, 2023; phased implementation through May 2027

India's comprehensive data protection law establishing rights and obligations for digital personal data.

View Indian DPDPA โ†’

๐Ÿ‡ต๐Ÿ‡ญ Philippines

Enacted
Data Privacy Act of 2012 (DPA)

Effective: September 8, 2012

Comprehensive privacy law protecting personal data in government and private sector.

View NPC (Philippines) โ†’

๐Ÿ‡น๐Ÿ‡ญ Thailand

Enacted
Personal Data Protection Act (PDPA)

Effective: June 1, 2022

GDPR-inspired comprehensive privacy law for Thailand.

View Thai PDPC โ†’

๐ŸŒ Middle East & Africa

๐Ÿ‡ฟ๐Ÿ‡ฆ South Africa

Enacted
Protection of Personal Information Act (POPIA)

Effective: July 1, 2021

Comprehensive data protection law aligned with international standards including GDPR principles.

View IRSA (South African Regulator) โ†’

๐Ÿ‡ฎ๐Ÿ‡ฑ Israel

Enacted
Privacy Protection Law 5741-1981

Effective: 1981 (Amendments 2023)

Recognized by EU for adequacy, with ongoing modernization to align with GDPR.

View Israeli PPA โ†’

๐Ÿ‡ฆ๐Ÿ‡ช UAE (Dubai)

Enacted
UAE Federal Decree-Law No. 45 of 2021

Effective: January 2, 2022

Federal data protection law for UAE with GDPR-inspired provisions.

View UAE Data Office โ†’
Dubai Data Law (Law No. 26 of 2015)

Effective: 2016

Dubai International Financial Centre (DIFC) specific data protection law.

View DIFC โ†’

๐Ÿ‡ฐ๐Ÿ‡ช Kenya

Enacted
Data Protection Act 2019

Effective: November 25, 2019

Comprehensive data protection law establishing data protection authority and consumer rights.

View ODPC (Kenya) โ†’

๐Ÿ‡ณ๐Ÿ‡ฌ Nigeria

Enacted
Nigeria Data Protection Regulation (NDPR)

Effective: January 25, 2019

Comprehensive data protection regulation administered by NITDA.

View NITDA (Nigeria) โ†’

International Privacy Frameworks & Standards

Cross-border data transfer mechanisms and global privacy standards

APEC CBPR System

Asia-Pacific Economic Cooperation Cross-Border Privacy Rules

Voluntary framework for privacy protection across APEC economies, facilitating data flows.

Visit CBPR โ†’

OECD Privacy Guidelines

Organisation for Economic Co-operation and Development

International standards for privacy protection and transborder data flows since 1980.

Visit OECD Guidelines โ†’

EU-US Data Privacy Framework

Trans-Atlantic Data Transfers

Framework replacing Privacy Shield for EU-US data transfers (2023).

Visit Framework โ†’

ISO 27701

Privacy Information Management

International standard for privacy information management systems.

Visit ISO โ†’

Council of Europe Convention 108+

European Convention for Data Protection

First legally binding international instrument on data protection, modernized in 2018.

Visit CoE โ†’

African Union Data Protection Convention

Malabo Convention

Pan-African framework for data protection and privacy (2014).

Visit AU Convention โ†’

Your Data Health: Global Privacy Compliance

Your Data Health is committed to meeting the highest international privacy standards, wherever our members are located:

๐ŸŒ

GDPR Compliant

Our platform meets all GDPR requirements including consent management, data portability, right to erasure, and breach notification.

๐Ÿ”’

International Standards

Your Data Health follows ISO 27701 for privacy management and implement privacy-by-design principles from GDPR and global best practices.

โš–๏ธ

Cross-Border Transfers

Your Data Health uses approved mechanisms for international data transfers including Standard Contractual Clauses (SCCs) and adequacy decisions.

๐Ÿ›ก๏ธ

Local Compliance

Where members reside in countries with specific privacy laws, Your Data Health ensures compliance with local requirements.

Questions About International Privacy Compliance?

Your Data Health is here to help explain how Your Data Health protects your data under international law.

Contact Consulting View Privacy Laws

Ready to Take Control?

Enterprise compliance auditing for FHIR, MHMDA, and global privacy standards.

Audit My Pipelines