Privacy is a global issue. More and more countries are enacting strict laws to protect personal data. As a website operator, you need to know the relevant regulations for your audience.

GDPR (European Union)

The General Data Protection Regulation has been in force since May 2018 and is considered the strictest data protection law in the world. It applies to all companies processing personal data of EU citizens – regardless of where the company is located.

UK GDPR & Data Protection Act (United Kingdom)

After Brexit, the UK adopted its own version of GDPR (UK GDPR) alongside the Data Protection Act 2018. The requirements are largely identical to EU GDPR. The ICO (Information Commissioner's Office) enforces compliance with fines up to £17.5 million or 4% of global turnover.

CCPA/CPRA (California, USA)

The California Consumer Privacy Act (now enhanced by CPRA) gives California consumers the right to know what data is collected and to opt-out of data sales. Unlike GDPR, it follows an 'Opt-Out' approach. Fines up to $7,500 per intentional violation.

Other US State Laws

Multiple US states have enacted their own privacy laws: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and more are following. Each has unique requirements, making a flexible CMP essential for US market coverage.

LGPD (Brazil)

The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados) has been in force since 2020 and closely mirrors GDPR. It applies to any company processing data of Brazilian residents, with fines up to 2% of revenue (max R$50 million per violation).

POPIA (South Africa)

The Protection of Personal Information Act has been fully enforceable since 2021. It requires companies to process personal data lawfully and implement appropriate security measures. Violations can result in fines up to R10 million or imprisonment.

Privacy Act (Australia)

Australia's Privacy Act 1988 (amended 2022) regulates how personal information is handled. The APPs (Australian Privacy Principles) require transparency and consent for data collection. Penalties can reach AUD 50 million for serious breaches.

KVKK (Turkey)

Turkey's Personal Data Protection Law (KVKK) has been in force since 2016. It requires explicit consent for data processing and mandates registration with the VERBIS registry. Fines range from TRY 40,000 to TRY 3 million.

PIPA (South Korea)

South Korea's Personal Information Protection Act is one of the strictest in Asia. It requires opt-in consent, data localization for certain sectors, and notification of cross-border transfers. Violations can result in criminal penalties.

Comparison of key laws

While all these laws aim to protect personal data, they differ in important details such as consent model (opt-in vs opt-out), sanctions, and territorial scope. A good CMP helps you navigate these differences.

A good CMP helps you meet the requirements of various data protection laws – with automatic geo-detection and customizable legal bases for 20+ privacy frameworks.