For anyone working in the privacy space, 2018 can be summed up with four letters: GDPR. The General Data Protection Regulation’s implementation date of May 25, 2018, will forever be etched in the minds of many as the date that the European Union adopted a comprehensive and far-reaching privacy law.
On reflection, the GDPR was truly a watershed moment for global privacy law. Not only because of the rights and protections it provides to individuals in the European Union, but because -- less than a year later -- the GDPR has inspired other governments to consider similar legislation. New privacy laws are coming into effect in California, Brazil and possibly other U.S. states and countries, and these laws share many of the same principles of the GDPR.
Privacy matters to individuals, communities, businesses and governments inside and outside of Europe. It has become an important topic at the dinner table, in boardrooms, chat rooms and newsrooms and during legislative sessions.
Navigating the Global Landscape
For many privacy professionals in the U.S., a new 4-letter phrase will sum up 2019: CCPA. The CCPA is a new California privacy law coming into effect on January 1, 2020. The CCPA has created its own watershed moment in US privacy law. As of this blog post, at least 9 other US states have introduced new privacy legislation on the heels of the CCPA. While the CCPA shares some similarities with the GDPR, there are many differences which will affect how the law is implemented by businesses and exercised by individuals.
Several versions of a U.S. Federal privacy law are also being discussed, showing a renewed momentum to consider adoption of a Federal privacy law in the U.S. Many questions remain on the content and likelihood of such a law being implemented in the near future.
As mentioned above, in August of 2018, Brazil adopted a new privacy regime that has many similarities to the GDPR. Brazil’s law will go into effect in early 2020. Argentina and Thailand are also considering new data protection bills, with protections similar to the GDPR. India is also expected to make progress on a draft personal data protection bill.
While we cannot cover every piece of privacy legislation across the globe in this post, we hope that we have conveyed the message that privacy really matters - both inside and outside of the EU.
Exploring Data Accountability
With increasing privacy regulation comes the need for greater data accountability throughout all levels of an organization. Privacy compliance once fell solely onto the shoulders of designated individuals or a single team and relied on the internal processes and policies of organizations. Compliance and privacy teams historically worked to verify compliance while improving processes to try to ensure compliance. In today’s privacy world, everyone must be accountable for the ways in which they collect, use, protect and share data.
At Red Hat, our Data Security + Privacy team collaborates with members from different areas of Red Hat. This cross-functional approach fits with Red Hat’s open culture and our values of transparency, participation, and community. Our DS+P team’s goal is to support Red Hat’s culture of innovation while working side-by-side with our associates to build in privacy. We do this through training, engaging in privacy impact assessments and fostering an open dialogue on privacy at Red Hat.
Staying Connected to Red Hat’s Trust Page
If you would like to learn more, our "Trust Red Hat" page provides a single location for topics such as security, privacy, compliance and product availability, as well as communicating our commitment to privacy while providing informational updates that are top of mind, such as the GDPR.