Understand services rules and regulations:Understanding data regulations and data protection when exporting

What data regulation and data protection means

Data protection is how you choose to safeguard any personal data your company keeps, such as your employee records, customer details or financial transactions.

Data regulations are how countries or governing bodies enforce data protection rules across a sector or market.

For example, regulations in certain markets may restrict the type of data you can keep and where it’s stored.

How data regulations vary across markets

Data regulations can vary depending on your sector or chosen market. And there’s no universal set of regulations which apply to every market.

If you’re collecting or using data in the EU you will have to comply with the General Data Protection Regulation (GDPR). This includes a set of principles which anyone using personal data has to follow. For example, asking for consent before processing your customers’ data.

In other markets, data regulation could be less centralised and there may not be a single law or act covering data protection. For example, the governance of data could vary by state or region in a country.

You may also find that certain sectors such as finance and healthcare are more heavily regulated and have additional safeguards in place to protect personal data.

How to stay compliant with data regulations

If you do not comply with data regulations, you risk potential fines and damage to your company’s global reputation.

So, it’s important to have a clear idea of what you want to do with personal data. Start by asking:

• how much data will you collect?
• where will you use it?
• what will it be used for?
• where will it be stored?
• who will you share it with?

You can then research your chosen market and assess the impact of any regulations against your data needs. This may include doing your own online research on key terms. For example, ‘data protection Spain’, or ‘data sovereignty Spain’.

You might also want to search for local law firms. If you choose to work with a lawyer in your local market they can investigate data protection regulation for you.

The impact of local culture, industry and company policy

Consider the impact of local culture, industry or individual company policies on your data protection policy. These can often demand more than is required by nationwide regulations.

For example, you may find buyers in your industry insist all personal data collected is stored within their country – even if your offshore data storage meets the country’s data protection regulations.