Data Theft rules and regulations_ Things you should know (Pt.1)
                     Data Theft rules and 
regulations: Things you should 
know (Pt.1)
Website : www.faidepro.com
Address :  417- Accurate Square, Tagore Road, 
Rajkot, India - 360002
E- Mail : [email protected]
Mobile No : +919510395794
Issues Faced : 
❏ The most serious problem with data theft is its 
international nature; for example, systems may be 
accessed in the United States, data exploited in China, and 
the effects felt in India. 
❏ Different sovereignties, jurisdictions, laws, and rules will 
come into play as a result of this capacity, which is a 
problem in and of itself. 
❏ Furthermore, gathering evidence in such circumstances 
becomes a problem because conducting an investigation in 
three different countries, all of which do not speak the 
same language, is nearly impossible, and our cops’ lack of 
technologihctatlp ksn:/o/fwa-ihdoewpr aod.cdosm to/d tahtea apnrodbitl.epmhsp. 
Issues Faced : 
❏ Another issue is a lack of cooperation between various 
investigating agencies and a shaky extradition process. 
❏ The most critical of all of these problems is the lack of clear 
legislation in the country dealing with this crime, which 
means that even though the perpetrator is apprehended, he 
can easily get away by using some of our legal loopholes. 
❏ Data and IT services provide better protection against data 
theft.
❏ We’ve compiled a list of ten data protection laws from 
around the world that businesses should be aware of. The 
IT Security Standards provide a complete guideline in this 
field.
https://faidepro.com/dataandit.php
1. General Data Protection Regulation (GDPR) (EU)
❏The General Data Protection Regulation (GDPR) of the European 
Union went into effect on May 25, 2018, and it has had a far-
reaching ripple effect, putting data protection into the public eye 
and onto legislative agendas all over the world.
❏GDPR is the most dramatic reform in the data privacy policy in the 
last 20 years, offering unparalleled levels of security and 
individual empowerment.
❏The European Union’s current data protection policy imposes new 
requirements on businesses and organisations to ensure the 
privacy and protection of personal data, grants data subjects’ 
certain privileges, and empowers regulators to demand 
transparency demonstrations or even levy fines in cases of non-
comhpttlipasn:c//ef.aidepro.medium.com/what-is-gdpr-3ff0034ff454
1. General Data Protection Regulation (GDPR) (EU)
❏ The GDPR 's main principles include legal, equitable, and 
straightforward processing, clear and explicit consent, 
mandatory violation notification, the right to access, the 
right to be forgotten, and privacy by design and default. 
❏ The regulation has extraterritorial application, which 
means it extends to all entities that collect and process 
personal data of EU citizens, regardless of their location.
https://faidepro.medium.com/what-is-gdpr-3ff0034ff454
https://faidepro.com/dataandit.php
2. The Personal Information Security and Electronic 
                     Records Act (PIPEDA) (Canada)
❏ The Personal Information Security and Electronic 
Documents Act (PIPEDA), Canada’s federal data 
protection statute, was passed in 2000. The Personal 
Information Protection and Electronic Documents Act 
(PIPEDA) governs how companies obtain, use, and 
report personal and confidential data in the private 
sector, among other things. 
❏ The legislation is divided into ten fundamental values 
that must be followed by companies.
https://faidepro.com/dataandit.php
2. The Personal Information Security and Electronic 
                     Records Act (PIPEDA) (Canada)
❏ The Government of Canada released the Data Privacy 
Act, an update to PIPEDA, on November 1st, 2018, in 
order to harmonise Canadian standards with those of 
the EU’s GDPR. This Act modifies PIPEDA by adding 
additional regulations such as consent provisions, data 
breach alerts, and a broader scope of implementation. 
❏ The Government of Canada announced a 10-principle 
Digital Charter and a Discussion Paper detailing plans 
to modernise PIPEDA on May 22, 2019.
https://faidepro.com/dataandit.php
3. The California Consumer Privacy Act 
(CCPA) (California)
❏ The California Consumer Privacy Act (CCPA), which takes 
effect on January 1, 2020, was enacted in response to the 
increasing importance of personal data in modern 
business practices, as well as the personal privacy 
consequences of data collection, usage, and security. 
❏ The Golden State’s new data privacy legislation, which 
was signed into law on June 28, 2018, provides users 
access to and control over personal information collected 
online, and it requires businesses doing business in 
California to make structural improvements to their 
privacy syhsttepms:s/./faidepro.com/dataandit.php
3. The California Consumer Privacy Act 
(CCPA) (California)
❏ Given California’s status as the world’s fifth-largest economy, the 
CCPA is expected to have a global effect, similar to the GDPR.
❏ An expanded definition of personal information, new data privacy 
protections for California residents, a new statutory damages 
system, and new rules when children’s personal data is used are all 
main components of the CCPA. 
❏ The right to know what data is being collected about them and how 
it is being used, as well as the right to have their data erased, are 
among the many parallels between California’s new privacy law and 
its European equivalent, the GDPR. 
❏ However, there are major differences between the two laws, 
especially in terms of the extent of implementation and rules 
concerning acquiescence.
https://faidepro.com/dataandit.php
4. The Act on Personal Information 
Protection (APPI) (Japan)
❏ The Act on Personal Information Protection in Japan 
(APPI) was passed in 2003 and went into effect in 2005. It 
was substantially revised ten years later, in 2015; the 
changes went into force on May 30, 2017, one year ahead 
of the EU’s GDPR.
❏ The APPI safeguards individuals’ personal data in Japan 
by developing laws for governments and some business 
operators to obey in order to secure an individual’s rights 
when it comes to collecting and managing personal data. 
Whether or not cross-border data transfers occur, entities 
operating hintt Jpasp:a//nfa miduesptr oco.cmompl/yd watiatha nAdPiPt.Ip.hp
4. The Act on Personal Information 
Protection (APPI) (Japan)
❏ In some ways, the APPI differs from the GDPR; the 
GDPR offers more rights to data subjects and imposes 
tighter rules on organisations that handle personal 
data than the APPI. 
❏ Following the GDPR, Japan became the first country to 
receive an adequacy decision from the European 
Commission (EC), ensuring a seamless flow of data 
between the EU and Japan as well as facilitating 
increased data transfers.
https://faidepro.com/dataandit.php
5. Lei Geral de Proteço de Dados (LGPD) 
(Brazil)
❏ Brazil adopted the General Data Protection Law (“Lei Geral 
de Proteço de Dados” or “LGPD”) on August 14, 2018, 
which will take effect on August 15, 2020. The new data 
protection system, which is largely influenced by the 
GDPR, sets guidelines for the online and offline collection 
of personal data in both the public and private sectors, 
regardless of the position of the data processor.
❏ The law seeks to replace and complement current legal 
codes, with one of the goals being to bring Brazil’s data 
care in line with European standards.
https://faidepro.com/dataandit.php
5. Lei Geral de Proteço de Dados (LGPD) 
(Brazil)
❏ Data subjects’ rights (e.g., the right to request access 
to their data as well as the right to be forgotten), the 
need for data protection officers, data protection 
impact evaluations, and data breach alerts are all key 
parallels between the LGPD and GDPR. 
❏ However, the LGPD goes beyond and beyond 
European regulation in many ways, such as legal 
bases and mandatory violation notices.
https://faidepro.com/dataandit.php
6. Personal Data Protection Act (PDPA) 
(Singapore)
❏ In Singapore, personal data is covered by the Personal Data 
Protection Act (PDPA), which was passed in 2012 and went into 
effect in 2014. The PDPA is a data security system that governs 
the collection, use, disclosure, and storage of personal data for 
all private sector organisations.
❏ It respects both individuals’ rights to personal data privacy and 
organisations’ needs to obtain, use, and reveal personal data 
for legitimate and fair purposes.
❏ The PDPA, like the GDPR, has extraterritorial application and 
refers to anyone who does not have a physical presence in 
Singapore.
https://faidepro.com/dataandit.php
7. Personal Data Protection Act (PDPA) 
(Thailand)
❏ The Personal Data Protection Act (PDPA), Thailand’s first unified 
law regulating data protection in the country, was published on 
May 27, 2019. By May 27, 2020, organisations gathering and 
processing personal data must be consistent with the PDPA.
❏ Thailand’s government has generally taken principles from the 
GDPR, with a few tweaks to suit the country’s needs. It did so on 
purpose to prove that Thailand has an “adequate” standard of 
data security in contrast to the EU.
❏ The PDPA contains a new concept of personal information, 
special categories of confidential data, consent provisions for 
minors, data subjects’ privileges, extraterritoriality, and limits on 
personal data transfers to third countries, among other items.
https://faidepro.com/dataandit.php
7. Personal Data Protection Act (PDPA) 
(Thailand)
❏ The PDPA contains a new concept of personal 
information, special categories of confidential data, 
consent provisions for minors, data subjects’ 
privileges, extraterritoriality, and limits on personal 
data transfers to third countries, among other items.
- To be continued in Pt.2  
https://faidepro.com/dataandit.php
FaidePro
Website: https://faidepro.com
Blog: http://blogs.faidepro.com/
LinkedIn: https://in.linkedin.com/company/faidepro
Twitter: https://twitter.com/faidepro
Instagram: https://www.instagram.com/faidepro/
Facebook : https://www.facebook.com/Faidepro-103150408248729
Source: https://faidepro.medium.com/