Vinod Sebastian – B.Tech, M.Com, PGCBM, PGCPM, PGDBIO

Hi, I'm a Web Architect by profession and an Artist by nature. I love empowering People, aligning to Processes and delivering Projects.

Major Privacy Laws

General Data Protection Regulation (GDPR) – EU & UK

Scope: The GDPR applies to any organization, wherever it is located, that processes personal data of EU/UK residents, covering both online and offline data.

Key Features:

  • Explicit consent required for data collection.
  • Rights include access, rectification, erasure (“right to be forgotten”), and portability.
  • Mandatory breach notification within 72 hours.
  • Non-compliance can result in heavy fines, up to €20 million or 4% of global turnover, whichever is higher.

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) – California, USA

Scope: These laws apply to for-profit businesses handling data of California residents, with thresholds based on revenue or number of consumers.

Key Features:

  • Right to know what data is collected.
  • Right to delete personal data.
  • Right to opt out of data sales.
  • CPRA introduces correction rights and sensitive data protections.
  • Penalties range from $2,500 to $7,500 per violation.

Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada

Scope: PIPEDA applies to private-sector organizations across Canada, with exceptions for provinces with their own equivalent laws.

Key Features:

  • Requires informed or implied consent for data processing.
  • Principles include accountability, limiting collection, and safeguarding data.
  • Individuals have the right to access and challenge the accuracy of their data.

Brazilian General Data Protection Law (LGPD) – Brazil

Scope: LGPD applies to any entity processing personal data in Brazil, including both domestic and international companies.

Key Features:

  • Consent-based processing with transparency obligations.
  • Rights include access, correction, and deletion of personal data.
  • Requires the appointment of a Data Protection Officer (DPO).
  • Penalties can reach up to 2% of revenue, capped at 50 million BRL.

Personal Data Protection Act (PDPA) – Singapore

Scope: PDPA governs the collection, use, and disclosure of personal data in Singapore, applicable to both digital and physical records.

Key Features:

  • Consent is required for the collection and use of personal data.
  • Organizations have accountability obligations for data protection.
  • Mandatory breach notification requirements.
  • Penalties can go up to SGD 1 million for non-compliance.

Protection of Personal Information Act (POPIA) – South Africa

Scope: POPIA applies to all public and private bodies processing personal information in South Africa.

Key Features:

  • Requires lawful processing of personal information.
  • Individuals have rights to access, correct, and object to the processing of their data.
  • Non-compliance can lead to severe penalties, including fines or imprisonment for up to 10 years.

Personal Information Protection Law (PIPL) – China

Scope: PIPL applies to the processing of personal data of individuals in China, with strict rules for cross-border data transfers.

Key Features:

  • Consent-based processing of personal data.
  • Strict restrictions on international data transfers.
  • Penalties for violations can be as high as RMB 50 million or 5% of annual revenue.

Data Protection Bill (DPDP Act) – India

Scope: The DPDP Act applies to the processing of digital personal data in India and extends to data related to Indian citizens processed abroad.

Key Features:

  • Consent-based processing of personal data.
  • Rights provided include access, correction, erasure, and grievance redressal.
  • Establishes the Data Protection Board of India for oversight and enforcement.

📜 HIPAA (USA – Healthcare)

Scope:

  • Applies to healthcare providers, insurers, and business associates handling protected health information (PHI) in the United States.
  • Covers electronic, paper, and oral health information.

Key Features:

  • Privacy Rule: limits use/disclosure of PHI, grants patients rights to access and amend records.
  • Security Rule: requires safeguards for electronic PHI (encryption, access controls, audit trails).
  • Breach Notification Rule: mandates notifying affected individuals and regulators of breaches.
  • Enforcement Rule: civil and criminal penalties, fines up to $1.5M per year per violation category.

🔑 Big Picture

  • GDPR, LGPD, PIPL, DPDP Act → broad, cross-sector, consent-driven frameworks.
  • CCPA/CPRA, PIPEDA, PDPA, POPIA → regional laws with varying strength, often modeled after GDPR.
  • HIPAA → sector-specific, focused entirely on healthcare data, with strict technical safeguards.