Since its implementation in 2018, the European Union’s General Data Protection Regulation (EU GDPR) is widely seen as the global regulatory standard in the data protection and privacy landscape. In many countries enacting new data protection laws or modernising current data protection laws, such as Thailand and Indonesia, the GDPR has been viewed as a useful yardstick.
The GDPR was designed to ensure the protection of personal data processed by both public and private organisations within the EU. Privacy is regarded as a human right that is necessary to protect, especially when it comes to business practices and personal data.
How does the GDPR affect companies outside of the EU?
It is not unusual to see multinational corporations that are headquartered in the EU choosing to take the GDPR as the default position for data privacy across all of their global operations to ensure consistency among the countries in which they operate. At times, these corporations take that position simply because they think that it is the right thing to do
On the flip side, Asian companies that choose to market their goods or services to individuals located in the EU or who choose to profile such individuals must comply with the GDPR when they carry out these activities. For most Asian companies, such compliance is typically little different from complying with local data protection or data privacy law.