Rulefinder
Data Privacy
Analysis of international privacy laws, curated by experts
How it works
Rulefinder Data Privacy is an easy-to-use resource that provides practical analysis of data privacy laws across key global markets.
The analysis is simple to access online, easy to navigate and maintained by a dedicated team of senior lawyers.
This indispensable tool:
- Considers an organisation's data privacy obligations globally, including GDPR, PIPL, and CCPA
- Compares obligations, including individual access rights, cookies, breach response, sanctions, consent, and territorial scope
- Keeps you ahead of developments with daily horizon scanning alerts and a dedicated tracker of global privacy laws in development
- Is available as an annual subscription with unlimited users across an organisation
- Gives the option to access our content via a privacy management system
Who it's for
Our trusted content has been designed to help organisations reduce their external legal spend and save time in understanding how global data protection and privacy obligations impact their businesses.
How it helps
We work with leading counsel across the globe to negotiate detailed memoranda of law which we provide alongside practical colour-coded extracts.
The detail is there for those who need it, and made available in summary format for those who don't.
I'm part of the team of lawyers who work on Rulefinder Data Privacy. Before joining aosphere I worked in-house, fielding questions from the business on global activities. I wish that I’d had access to this service then. As a team we’re careful to design analysis that will translate into business friendly answers.
Simon Mynard
aosphere Senior Associate, London
Product features
Jurisdictions covered
Austria, Belgium, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Russian Federation, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom
Algeria, Angola, Bahrain, Egypt, Ghana, Israel, Ivory Coast, Kenya, Lebanon, Morocco, Nigeria, Oman, Qatar, Saudi Arabia, South Africa, UAE and UAE (DIFC)
Argentina, Brazil, Canada, Cayman Islands, Chile, Colombia, Costa Rica, Mexico, United States (Federal and State by State) and Uruguay
Alabama, Arizona, Arkansas, Colorado, Connecticut, District of Columbia, Florida, Guam, Hawaii, Illinois, Indiana, Kansas, Kentucky, Maine, Maryland, Michigan, Minnesota, Missouri, Montana, Nevada, New Hampshire, New Mexico, New York, North Dakota, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia and Wyoming
Australia, Bangladesh, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, Pakistan, Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam
Rulefinder Data Privacy team
Our information is managed by experienced data privacy lawyers.
Real life, practical data privacy challenges drive everything we do.
Main topics covered
aosphere senior lawyers have identified key questions and scenarios for local counsel to consider.
Topics
- Sanctions and regulator approach to enforcement
- Organisation level detailed requirements – regulator registration, data protection officers, CISOs, compliance programmes, privacy policies, processing registers
- Data privacy in the workplace - we provide FAQs on key data privacy issues that arise across the employee lifecycle (e.g. at recruitment, during employment, and when the employment relationship has ended)
- Consent – whether consent is needed, and how to validly request consent. Consideration of what constitutes valid consent in a range of scenarios, e.g. incentive given for consent, discounts, provision of goods or services. Valid ways to indicate consent, e.g. pre-completed electronic tick box, implied consent
- Privacy notice – when required, what information to provide and when
- Individual choice and data subject requests - what requests to comply with, action and timelines to comply with access, objection, deletion, rectification, portability and more. Plus what happens when consent is withdrawn
- Privacy assessment / DPIAs - when required / how to do them
- Data transfer and localisation rules – how to transfer intra-group, to third parties domestically or cross-border, what contract terms are needed, whether you can sell data
- Breach response – what to do: notify the regulator or individual, how to notify, what else to do and the sanctions for failing to notify
- Service providers
- Direct Marketing - how you can collect customer data, when you need consent to send marketing communications
- Additional bank secrecy and outsourcing content is available for financial institutions
Legislation
We cover data protection and privacy laws around the world, including:
- European General Data Protection Regulation (GDPR)
- EU e-Privacy Directive
- US Federal Trade Commission Act (FTC Act)
- US Children’s Online Privacy Protection Act (COPPA)
- At US State Level, data privacy laws analysed include California Consumer Privacy Act (CCPA) and California Erasure Law
- China Personal Information Protection Law (PIPL)
- Singapore Personal Data Protection Act 2012 and Personal Data Protection (Amendment) Act 2020, Cybersecurity Act (No. 9 of 2018)
A Rulefinder Data Privacy subscription includes:
Breach Response App
When it comes to data breaches, the conventional wisdom is that it is a question of when, and not if, an organisation will suffer one. Notifying the regulator and affected individuals in accordance with local law requirements is a key part of every organisation’s breach response plan. Correct handling of data breach notification requirements can avoid fines and other sanctions which can run into millions of dollars, and minimise reputational damage.
Breach notification rules vary across the globe, and the lack of a single rule book, together with the short time frame for reporting, makes keeping on top of breach notification requirements challenging. For example, in the United States, breach notification laws vary across all 50 US states.
Our Breach Response application pulls together the breach notification reporting requirements in 50+ jurisdictions and all US states, and highlights in an instant when there is a requirement to notify the regulator or affected individuals, along with the applicable time limits.
View sample content from the Breach Response App (also available during a free trial).
Horizon Scanning and Sanctions Tracking
Viewing and comparing data privacy obligations at individual jurisdiction level is vital, but we also know that in-house teams need to see and track developments globally. We monitor for global developments on a daily basis and consolidate legal analysis into user friendly tracker documents, covering:
- Privacy Law Developments – in one Excel document, users can filter and search our horizon scanning tool, which tracks forthcoming data protection and privacy law developments. This helps in-house teams stay on top of compliance as jurisdictions move increasingly towards a GDPR style of privacy regulation.
- Sanctions Tracking – we track examples of regulatory censures across 55+ jurisdictions, including the EU and the United States. Subscribers can access sanctions information in one place, with the ability to filter on the jurisdiction, regulatory authority and type of sanction, plus a summary and topic of the action taken.
Schrems II Toolkit
With so much noise surrounding Schrems II, it can be hard to track the latest regulatory guidance and understand the implications. Our Schrems II Toolkit analyses and brings together the latest regulatory guidance in one place, colour-coded based on impact.
Designed and managed by senior lawyers, the toolkit provides:
- Curated summaries of the latest fines and other enforcement decisions relevant to Schrems II, with links through to the underlying decision/commentary
- Considered analysis: the Schrems II Toolkit and our email alerting service are managed by senior lawyers who consider the impact of each development before explaining it and publishing it for subscribers
- A detailed but user-friendly resource to navigate regulatory guidance on Schrems II, including:
  - a practical 6-step workflow to help a user implement European guidance
  - a template international data mapping table
  - a list of transfer impact assessment questions to be shared with the data importer (regarding the data importer itself, and the relevant legal and practical issues in the recipient jurisdiction), and
  - a list of key legal and practical issues affecting specific recipient jurisdictions (to support third country legal analyses), wherever a regulator or other authority has published a legal study on that jurisdiction (currently covering India, Russia, China and the USA).
Territorial Scope View
This proprietary application considers key fact patterns, e.g. where your organisation processes data, where individuals are located, where your organisation has a presence, and governing law of relevant contracts.
Subscribers can input scenarios to build a picture of which jurisdictions' rules are relevant and need to be considered further.
Sample results...
From these sample fact pattern results you can see that the report will show you the headlines in terms of application of laws, while the expandable comments [c] and full reports for each jurisdiction clarify the exact scenarios in which local rules apply to aid practical compliance.
This helps determine which jurisdictions require further analysis within Rulefinder Data Privacy.
Access our expert legal analysis
We want to give our clients choice over how they access our legal analysis.
That's why we are seeking out collaboration with data privacy technology providers who can integrate our global legal content directly into privacy management systems.