Data protection: Country Q&A tool

Search the Country Q&A in the Data protection Global Guide by question and jurisdiction.

Step 1: Check the boxes to select the questions and the jurisdictions for comparison.
Step 2: Click the "submit" button.
Step 3: Scroll down to view answers and check law stated dates for each jurisdiction.

Choose your questions - Select all/De-select all

Choose your jurisdictions - Select all/De-select all


1. What national laws regulate to the collection and use of personal data?
2. To whom do the laws apply?
3. What data is regulated?
4. What acts are regulated?
5. What is the jurisdictional scope of the rules?
6. What are the main exemptions (if any)?
7. Is notification or registration required before processing data?

Main data protection rules and principles

8. What are the main obligations imposed on data controllers to ensure data is processed properly?
9. Is the consent of data subjects required before processing personal data?
10. If consent is not given, on what other grounds (if any) can processing be justified?
11. Do special rules apply for certain types of personal data, such as sensitive data?

Rights of individuals

12. What information should be provided to data subjects at the point of collection of the personal data?
13. What other specific rights are granted to data subjects?
14. Do data subjects have a right to request the deletion of their data?

Security requirements

15. What security requirements are imposed in relation to personal data?
16. Is there a requirement to notify personal data security breaches to data subjects or the national regulator?

Processing by third parties

17. What additional requirements (if any) apply where a third party processes the data on behalf of the data controller?

Electronic communications

18. Under what conditions can data controllers store cookies or equivalent devices on the data subject's terminal equipment?
19. What requirements are imposed on the sending of unsolicited electronic commercial communications?

International transfer of data

20. What rules regulate the transfer of data outside your jurisdiction?
21. Are data transfer agreements contemplated or in use? Have any standard forms or precedents been approved by national authorities?
22. Is a data transfer agreement sufficient to legitimise transfer, or must additional requirements (such as the need to obtain consent) be satisfied?
23. Does the relevant national regulator need to approve the data transfer agreement?

Enforcement and sanctions

24. What are the enforcement powers of the national regulator?
25. What are the sanctions and remedies for non-compliance with data protection laws?
{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1247355924054", "objName" : "Data protection Country Q&A tool", "userID" : "2", "objUrl" : "", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "22e97be00:15b01bdc793:1ffa", "analyticsSessionCookie" : "22e97be00:15b01bdc793:1ffb", "statisticSensorPath" : "" }