Privacy Laws and Applicable Regulations: The Inventory
Privacy Laws and Applicable Regulations: this is a big deal.
Earlier, we talked about the importance of setting up a solid Privacy Governance program. If you missed the post, you can have a look at it by clicking here.
Now it is time to turn our attention to taking an inventory of all the privacy laws and regulations applicable to your company. If you are unsure where to start, well, you know our advice: drop us an email. We are your Privacy Manager in Spain, Europe and we love to talk.
Applicable Privacy Laws
First, I have to say that simplifying the explanation of how privacy laws apply is never a good idea.
In fact, the privacy laws inventory is one of the most delicate (and technical) steps of the whole privacy program.
Consequently, we suggest you call a privacy expert, and if you don’t know anyone, you can always call this guy…
Here, I will summarize the applicable rules of thumb.
Where are you based? It affects the applicable privacy laws
The location of your establishment is crucial in determining the applicable privacy legislation.
For example: you’re based in Portugal and all of your customers (and their personal data) are in Brazil. For that reason, the GDPR will be applicable to your company and, of course, the Portuguese privacy law as well.
So far, so good, but what if you have establishments in both Portugal and Brazil? Well, in this case both privacy laws are applicable.
Where are your customers based?
Once you have the right answer to the first question about the location of your establishment, you should focus your attention on the location of your customers (and, again, their personal data).
Are they based all over the world? Congratulations! Your marketing and customer service teams have done a great job.
But now the compliance team will take the lead, in order to ensure that your expansion will not lead you to a catastrophic point-of-no-return.
Which sector are you working in?
Financial Services? Then, among others, you had better be prepared for the GLBA.
Did you say Health Sector? Really? Are you sure that HIPAA is not applicable to your company?
Privacy Laws Inventory: too tough?
We mentioned only the very basic questions you should answer, in order to have a general idea of your privacy laws inventory.
Again, you already know the solution: call us now!