Blocking statutes, banking secrecy and data protection are not new concepts, but now more than ever the challenges crystallising because of geopolitical shifts must be carefully assessed and responded to.
The past few years have seen significant developments in data privacy regulation in Europe, the Middle East and Africa (EMEA). These have included the repeal of Safe Harbour and the introduction of the Privacy Shield, the EU General Data Protection Regulation (GDPR) coming into force in May 2018, the passing of the Data Privacy and Protection Law by the Qatari government, and the appointment of South Africa’s first members of the Information Regulator to monitor and enforce provisions of the Protection of Personal Information Act (the POPI Act).
It is fair to say that, with the advancement of and reliance on technology to conduct cross-border business, there will be no relaxation in data protection laws. Companies must be informed on how to navigate the ever-changing regulation, and cross-border, cross-jurisdictional data governance, transfer and protection challenges.
FRA Director, Weng Yee Ng, discusses this further in her article The Geopolitics of Data Transfer, in GIR: Europe, The Middle East and Africa Investigations Review 2019. The article will provide an overview of key data privacy regulations throughout EMEA, and set out some considerations and practical guidelines to minimise risk exposure for companies and professional services firms dealing with crossborder investigations and litigation.