The past few years have seen significant developments in data privacy regulation in Europe, the Middle East and Africa (EMEA). These have included the repeal of Safe Harbour and the introduction of the Privacy Shield, the EU General Data Protection Regulation (GDPR) coming into force in May 2018, the passing of the Data Privacy and Protection Law by the Qatari government, and the appointment of South Africa's first members of the Information Regulator to monitor and enforce provisions of the Protection of Personal Information Act (the POPI Act).
It is fair to say that, with the advancement of and reliance on technology to conduct cross-border business, there will be no relaxation in data protection laws. Companies must be informed on how to navigate the ever-changing regulation, and cross-border, cross-jurisdictional data governance, transfer and protection challenges.
To add further uncertainty and complexity to the current regulatory environment, recent disruptive geopolitical developments, such as Brexit and the Trump administration's proposed approach to modernise US data privacy policy, will inevitably further highlight conflicts of law and add complexity to the issue of data transfers, especially in the context of investigations and disputes - and, by extension, eDiscovery. Because regulatory investigations and related processes frequently span several years, strategic decisions made today around data transfers will have important ramifications down the line.
FRA Director, Weng Yee Ng, discusses this further in her article The Geopolitics of Data Transfer, in GIR: Europe, The Middle East and Africa Investigations Review 2019. The article will provide an overview of key data privacy regulations throughout EMEA, and set out some considerations and practical guidelines to minimise risk exposure for companies and professional services firms dealing with cross-border investigations and litigation.
.jpg)
