Why multinationals prefer to take GDPR as baseline for global compliance?

Rolling out General Data Protection Regulation (GDPR) compliance framework as a standard can be operationally simpler for global organisations and may also help to reduce the level of privacy risk, including in non-EU countries, said an industry expert.

  “The GDPR’s strict requirements on data breach handling are well known, in particular, the requirement to report personal data breaches to regulators within 72 hours of becoming aware (unless the breach is unlikely to result in a risk). Depending on the level of risk, breaches may also need to be notified to individuals,” Joanna de Fonseka, Senior Associate for Technology/Commercial at Baker McKenzie Habib Al Mulla, told TechRadar Middle East.

GDPR was introduced in May 2018 and it has had a significant impact on personal data protection.

According to law firm DLA Piper, GDPR has led to over 160,000 data breach notifications across Europe and has imposed about $126 million in fines under the GDPR regime till January for a wide range of GDPR infringements, not just for data breaches.

France, Germany and Austr