Global Data Privacy: GDPR, CCPA, and Beyond

Mat Keep

#security

Data privacy is on everyone's mind and for many reasons. Cyber-crime is forecast to cost the global economy $6 trillion by 2021, up from $3 trillion in 2016. Research from IBM estimates that over 11.5 billion customer records were breached (lost or stolen) between 2015 and 2018, with the average breach lasting 279 days.

It is completely understandable that there is growing public concern for the safety of our personal data. But this is not just a concern for the general public. Accenture research (PDF) revealed that 90% of business leaders cite a trustworthy digital economy as essential for their company's future growth.

How are Governments Responding?

It is against this backdrop that governments around the world are readying new, more stringent privacy regulations. Of course, data privacy laws are not new. But it was the European Union's (EU) General Data Protection Regulation (GDPR), introduced in 2018, that raised the bar in personal data protection. Under the GDPR, the protection and privacy of individuals – "data subjects" in GDPR terminology – became not just a legal obligation placed on organizations collecting and processing personal data; the regulation also entrenched data privacy as a fundamental human right of all individuals in the EU.

Since the GDPR's introduction, other state and federal governments around the world have started to enact similar regulations. The California Consumer Privacy Act (CCPA), to be implemented from January 1, 2020, borrows many concepts from the GDPR. Similarly, Brazil's General Data Protection Law (GDPL) and Japan's amendments to its existing Act on the Protection of Personal Information have followed suit. South Africa, Australia, New Zealand, Israel, and Middle Eastern states are all moving towards EU-style regulation.

While the specific regulations vary across jurisdictions, what they share with the GDPR is a set of defined requirements and controls governing how organizations collect, store, process, retain, and share the personal data of individuals.

How can I Learn More?

We are often asked what all of this means for an organization's data management landscape. To help answer that question we have put together a new whitepaper which explores some of the key requirements mandated for data protection.

We’ve used the GDPR as the point of reference, reflecting its status as the “gold standard” upon which many other countries are basing their own data privacy regulations, illustrating some of the key differences with the CCPA along the way. The paper then goes on to discuss how you can apply MongoDB’s security controls, DevOps tools, and services to help accelerate your path to compliance.

In the paper, we’ll cover:

  • How MongoDB's authentication and authorization mechanisms provide the requisite access controls and pseudonymization of personal data.
  • How our new Client-Side Field Level Encryption can help you comply with a citizen's "right to be forgotten" (aka "right to erasure").
  • How MongoDB Atlas Global Clusters support data sovereignty requirements.
  • How our schema visualization, auditing, and monitoring tools let you discover and track how personal data is used across your MongoDB applications.

Download the paper to get started.