(R)evolution in regulating data protections
Issue of ethics in online behavior is becoming more and more important in the tech and digital world. Lawmakers across the globe are educating their citizens about their privacy rights, and they are protecting them against damages from data breaches, which may have dramatical impact on the reputation and operations of a business with the breach.
GDPR has initiated a revolution in legal regulation in general, and in personal data protection especially, because of its applicability outside of the territory of the EU. This is of great importance for tech companies with operations outside of their borders. Countries across the globe are adopting new data protection laws which are heavily influenced by the GDPR (Brazil, India, California, New Jersey, Serbia etc.).
The new Serbian Data Protection Act will apply as of August 21, 2019. It relies heavily on the GDPR.
GDPR applies to all companies that process personal data of individuals on the territory of the EU, regardless of where they are located, including those in China. While large Chinese corporations may already have taken the needed measures for legal compliance, small and medium-sized enterprises may not even be aware of it. The burden on the Chinese firms to comply with the privacy and security regulations does not end with the GDPR. In addition to ePrivacy in the EU, China itself has a modern set of data protection legislation that some consider as the most advanced in Asia. One is "Cybersecurity Law", which came into force on June 1, 2017, with its administrative specification in the form of the "Personal Information Specification" (May 1, 2018); and the second one is the "Data Transfer Law", which is still in draft but is likely to come into effect some time in 2019. To the compliance burden for the Chinese companies we may add data protection laws coming from the US, such as the "California Consumer Protection Act", a US state equivalent to GDPR.