Navigating Global Data Regulations

Global data regulations are evolving rapidly, presenting organizations with challenges and opportunities. As businesses expand internationally, understanding and complying with diverse data protection laws is more critical than ever.

Merav Yuravlivker, Chief Learning Officer at Data Society, underscores this complexity: “We’re moving much faster as a society in terms of technology than we are in terms of policy.” 

Navigating this landscape requires proactive strategies and a commitment to ethical data practices.

The regulatory environment is a mosaic of laws and standards, each with its nuances:

• General Data Protection Regulation (GDPR): Implemented by the European Union in 2018, GDPR sets strict guidelines on data privacy and applies to any organization handling EU residents' data.
• California Consumer Privacy Act (CCPA): Enacted in 2020, the CCPA enhances privacy rights and consumer protection for residents of California, influencing data practices across the United States.
• China's Personal Information Protection Law (PIPL): Effective 2021, PIPL governs data protection in China, adding complexity for international companies.

• EU Artificial Intelligence Act (AI Act): Enacted on July 12, 2024, and effective from August 1, 2024, with specific provisions applying from February 2, 2025, this act regulates AI systems to ensure they are safe and respect existing laws on fundamental rights and values.
• Data Governance Act: This EU regulation, which entered into force on September 24, 2023, seeks to increase trust in data sharing, strengthen mechanisms to increase data availability, and overcome technical obstacles to data reuse.
• Data Act: Published on December 22, 2023, this regulation introduces harmonized rules on fair access to and use of data, with most provisions applicable from September 12, 2025.

Merav notes, “We might get to a generally accepted standard, but I still think there are going to be variations between countries. It's going to be a headache for companies that operate in all of those countries.”

• Develop Robust Data Governance Frameworks
  • Establish clear policies and procedures that align with the strictest regulations to simplify compliance across jurisdictions.
• Invest in Ethical Data Practices
  • “Ideally, when companies are thinking about ownership and taking ethical considerations into account, they're thinking ahead about the best interest for their stakeholders,” says Merav. Ethical practices build trust and can mitigate legal risks.
• Leverage Technology Wisely
  • Utilize data management tools that support compliance efforts, such as automated consent management and data mapping solutions.
• Foster a Culture of Accountability
  • “It's important to develop that culture, but it should trickle down to every individual in that company,” Merav advises. Training and awareness programs ensure that all employees understand their role in data protection.

The quest for a universal data ownership standard remains uncertain. “I would say we are looking toward a universal policy of data ownership, but that's not really how the world works,” Merav reflects. 

Businesses must navigate the current fragmented landscape while advocating for more harmonized regulations.

Global data regulations will continue to evolve, and organizations must stay agile. By prioritizing data governance, ethical practices, and a culture of responsibility, companies can comply with current laws and build a foundation of trust with their stakeholders. Want to learn how Data Society can help? Contact us today.