---
title: "Understanding Global Data Compliance Laws in 2023 | DuoCircle"
description: "Understanding Global Data Compliance Laws in 2023."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/data-privacy/understanding-global-data-compliance-laws-in-2023/"
---

Quick Answer

Global data compliance in 2023 centers on three frameworks that set the template for most others: the EU's GDPR (covers any organization processing EU resident data, fines up to 4 percent of global revenue), California's CCPA/CPRA (consumer rights to know, delete, and opt out of data sales), and the US HIPAA (PHI handling for covered entities and business associates). Other regimes layer on top: Brazil's LGPD, Canada's PIPEDA, China's PIPL, India's DPDP Act, and over 30 US state-level laws. Common requirements across regimes: lawful basis or consent for collection, data subject rights (access, deletion, portability), breach notification within 72 hours (GDPR) or comparable windows, vendor due diligence, and cross-border transfer controls. Organizations operating internationally typically build to the strictest applicable standard and apply it globally.

Understanding Global Data Compliance Laws in 2023


![Global Data](https://media.mailhop.org/duocircle/images/2023/11/spf-validator-9632.jpg) 

The responsibility of handling data comes with its own intricacies, but adhering to global data compliance laws makes the situation more orderly. By orderly, we don’t mean easy, but rather uniform. These laws are introduced to safeguard the **privacy of customers and users** while ensuring companies run their operations using the requisite details and documents. Moreover, adhering to these laws and best practices reflects your concern about [cybersecurity](/), which in turn boosts your image as a responsible and trusted company.

We have put together this guide on global [data compliance](https://sprinto.com/blog/what-is-data-compliance/) laws to help you safely expand your clientele across borders while adhering to legislation. Discover how these regulations ensure **responsible data handling** and safeguard customer privacy.

We explore key laws, including GDPR, CCPA, and HIPAA, and discuss their implications. _Learn about the complexities of data compliance, such as varying penalties and jurisdiction issues, which businesses need to navigate when expanding._ Stay informed with our concise guide on this **critical topic**.

## What is Data Compliance and Why is it Important?

Data compliance is the process of considering legislation and governance to oversee [data privacy](/email-security/data-privacy-and-protection-11-ways-to-protect-user-data/). In simpler words, it instructs you on **how to handle the data** within your organization. This involves handling and administering information tied to consumer privacy, data security, and data storage requirements. It also includes applying measures for [phishing protection](/email/phishing-protection) and addressing [cyber attacks](https://www.bbc.com/news/uk-england-manchester-67228223) in order to prevent them and alleviate their impact.

**Consumer data** goes beyond just contact details, and a person is linked to every piece of information companies store in their databases. Thus, it’s vital to ensure [malicious actors](https://www.hipaajournal.com/malicious-actors-increasingly-targeting-cloud-services-in-healthcare-cyberattacks/) don’t get their hands on it.

[![Phishing email](https://media.mailhop.org/duocircle/images/2023/11/spf-record-generator-6387.jpg)](https://media.mailhop.org/duocircle/images/2023/11/spf-record-generator-6387.jpg)

There is no doubt that businesses run on a database, and it is extremely valuable for operations, strategizing, and scalability through enhanced [user experience](https://www.liferay.com/resources/l/user-experience). Thus, data security laws across the world are constituted to protect the privacy of everyday people as well as the security of a **brand’s digital data assets**.

[GDPR, short for General Data Protection Regulation](https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR), which was drafted and passed by the European Union, is regarded as the **toughest privacy and data security law** worldwide. It binds companies **anywhere in the world** if they target or collect data of EU citizens. Although GDPR is established as statute, a substantial proportion of organizations are still unsure which specific data legislation applies to them.

_The parties involved and affected by data compliance legislation are data subjects, data controllers, and data processors._ 

**Data subjects** are individuals whose personal information is stored, retrieved, retained, traded, or handled by an organization. If you send emails, your data subjects encompass your recipients, which includes anyone whose email address you maintain in your records.

**Data controllers** evaluate the purpose and means by which [sensitive data](/email-security/9-best-practices-to-manage-sensitive-data-carefully/) is processed. Lastly, **data processors** carry out the actual processing of the data.

## Consumer Privacy Laws

Here are the **three data guiding rules** that affect businesses based in the US:

### General Data Protection Regulation (GDPR)

The GDPR marks a groundbreaking shift in **data rights protection** by emphasizing transparency and individual data control. It enforces [substantial penalties for breaches](https://indianexpress.com/article/explained/explained-economics/facebook-meta-data-privacy-advertising-fine-explained-8362699/) and operates on the principle that individuals entrust their data to service providers rather than giving it away at sign-up. _Its primary aim is to provide the highest level of protection to consumers._

Important points to keep in mind:

- Enforced starting from May 25, 2018.
- It standardizes data protection regulations across the European Union.
- It applies to any business that handles data of EU citizens, **regardless of their location**.

[![GDPR](https://media.mailhop.org/duocircle/images/2023/11/sendgrid-alternative-2.jpg)](https://media.mailhop.org/duocircle/images/2023/11/sendgrid-alternative-2.jpg)

### California Consumer Privacy Act (CCPA)

The [California Consumer Privacy Act](https://www.investopedia.com/what-is-the-california-consumer-privacy-act-4780212) shields the rights of individuals based in California. GDPR-compliant organizations don’t need significant effort to adhere to the CCPA. It empowers consumers with **rights to access, delete, and opt out** of the sale of their information. _They are also allowed to demand to understand what data businesses collect and how it’s used_.

It requires businesses meeting certain criteria to be transparent about their data practices and imposes penalties for non-compliance. The law sets a strong precedent for data privacy laws worldwide. This underlines the necessity of individual data protection and the [requirement for businesses](https://www.techtarget.com/searchcustomerexperience/news/252485949/CCPA-regulation-enforcement-begins-Salesforce-an-early-target) to respect their **customers’ privacy rights**.

Important points to keep in mind:

- Enforced starting from Jan 1, 2020.
- It standardizes data protection regulations **across California**.
- CCPA applies to any business that handles data of California residents.

Businesses subject to the CCPA must provide clear and accessible [opt-out guides](https://blog.incogni.com/opt-out-guides/) to enable consumers to easily exercise their right to opt out of the sale of their personal information.


### Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act is an important piece of **healthcare legislation** in the United States. Enacted in 1996, HIPAA serves as a safeguard for the privacy and security of individuals’ health information. _Its primary objectives are to ensure the portability of health insurance coverage for employees, even when changing jobs, and to establish stringent standards for the protection of [sensitive patient data](https://www.databreaches.net/update-sensitive-patient-data-leaked-from-transform-ransomware-incident/)._

HIPAA places strict requirements on healthcare providers, health plans, and healthcare clearing houses to maintain the **confidentiality of patient records** and regulate the transfer of medical information. It also empowers patients by granting them certain rights to access and control their [health information](https://www.scmagazine.com/news/personal-data-for-11-million-patients-stolen-from-nationwide-healthcare-chain). HIPAA plays a crucial role in maintaining the integrity and confidentiality of healthcare data, promoting trust between patients and healthcare providers, and upholding the privacy and security of sensitive medical information.

## Compliance Laws’ Limitations

Not all legislation is created equal, and this creates an issue for businesses trying to expand to **other states and countries**. Here’s what you need to bear in mind:

### Data Jurisdiction

It doesn’t matter where your company is based out of; what matters is the **location of the data subjects**. 

### Data Impact

[Small-scale organizations](/phishing-protection/the-terrible-price-small-businesses-pay-for-a-data-breach/) **need not be** represented in legislation. 

### Penalties

The [fines for violations lack uniformity](https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html), as they vary between different authorities. Some impose penalties based on a percentage of the **company’s net turnover**, whereas others assess fines on a per-affected subject basis for [each breach](/email-security/microsoft-email-attacks-an-inside-look-at-the-outlook-breach/).

## Final Words

[Prioritizing data compliance](/msp-email-security/how-msps-can-make-sure-they-adhere-to-compliance-requirements-for-themselves-their-clients/) comes with some challenges and limitations. It’s suggested to keep yourself informed of the updates or outsource the responsibility to a **specialized team**.


Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

