Big businesses risk falling foul of international data protection laws as governments around the world take a tougher approach to privacy.
Countries including Korea,Japan and China are introducing tough new privacy laws which frequently contradict the approach taken by European companies to data protection,a leading law firm has warned.
Multinational companies have already been fined hundreds of thousands of dollars after unwittingly breaching data protection laws in Japan and Korea,according to Karin Retzer,partner at law firm Morrison and Foerster(MoFo).
"Companies tend to take a fairly UK or EU-centric view.They assume that if they comply with their own local laws they are fine.That is no longer correct,"she said in an interview with Computer Weekly.
In many cases,data protection laws outside Europe contradict EU data protection regulations,making compliance across multiple jurisdictions difficult.
Retzer advised multinationals to create a single data protection policy that will cover the basic data protection requirements of each country they operate in.
"You need to look for the common denominator.Multinational organisations don't have the resources,and it is not wise from a customer relations and employee relations point of view,to have different procedures in different countries,"she said.
However companies cannot assume that complying with basic data protection standards will be enough to protect them from regulatory action if there is a complaint.
"In Europe,if you have the main elements in place and are prepared to address concerns raised by individuals and regulators,that's fine.But in some Asian countries,particularly Korea,that is not necessarily the case,"she said.
Companies should take a risk-based approach,by putting in more safeguards in countries where they have more staff,or regulators are more aggressive,advised Retzer.
"It's a good idea to ensure you have access protection,and encryption of data,at least in transit and on storage services.And you have to be careful how you select third parties which share your information,"she said.
In Europe,businesses can simplify data protection governance by using data protection laws from one EU state across Europe.
The European Union is developing EU adequacy statements that will make it easier for companies to transfer data overseas.
However,their introduction is likely to be several years away.
