What you need to know about data privacy compliance
Learn how to safeguard personal information, stay compliant with global regulations, and build trust with customers.
According to the latest data from UNCTAD, 137 countries now have legislation protecting data and privacy, representing about 71% of nations globally. Also, 9% are working on draft laws, meaning approximately 80% of countries are actively involved in regulating personal data protection.
Why data protection and privacy matters
In a world where personal information is collected and commoditized all the time, people want more protection rights for their data. Government agencies are recognizing these demands and stepping up to hold organizations more accountable.
Regulations are important because they help ensure personal data is used responsibly. They reduce the risks of identity theft, financial fraud, and other harmful actions. By following these rules, organizations can build trust with people, creating a safer environment. These laws also support the fundamental right of individuals to protect their personal information.
In the 2025 State of Physical Security Report, 67% of end users stated that their organization had been impacted by industry regulations, a large swing from 2023, when only 13% answered yes.
Learn about the newest privacy laws in various regions around the world, and what you can do to keep your physical security data protected.
The latest privacy legislations around the world
The General Data Protection Regulation (GDPR) was one of the first official data protection acts in Europe. Since then, countries, states, and regions have followed suit, enacting their own legislation to give people power over their data and to hold organizations accountable for their data use practices.
Global privacy laws are only growing. While you might think you’re doing everything right to comply with data protection and privacy mandates, it’s important to stay up to date because legislation is continuously evolving.
Here are some of the most recent privacy laws:
In Thailand, the Personal Data Protection Act 2019 came into full effect on June 1, 2022. It’s the very first law dedicated specifically to data privacy in the country and is heavily influenced by the GDPR, where non-compliance can cost organizations up to 4% of global turnover and even jail time.
Key obligations include getting consent for data processing, preventing unauthorized access to personal data, transferring data only to countries with high privacy standards, and respecting user rights.
In Canada, the Digital Charter Implementation Act (DCIA) 2022, now known as Bill C-27, proposes reform to the existing Personal Information Protection and Electronic Documents Act (PIPEDA), with three pieces of legislation. These include the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA), and the Artificial Intelligence and Data Act (AIDA).
While the DCIA 2022 has been tabled for now, the changes will impact Canada's private sector privacy law and provide new rules for the responsible development and deployment of artificial intelligence (AI).
Staying a step ahead, the province of Quebec has enacted its own comprehensive framework: An Act to modernize legislative provisions for the protection of personal information. For organizations, the new provisions include everything from designating a person in charge of data protection and reporting confidentiality incidents to the Commission d’accès à l’information (CAI) du Québec, to notifying the CAI before implementing any biometric technologies.
In the US, the California Consumer Privacy Act was the first and most forward-thinking privacy legislation in the country. Its expansion, the California Privacy Rights Act (CPRA), officially came into effect in January 2023, further strengthening consumer privacy protection.
Other states, including Utah, Colorado, Connecticut, Virginia, Pennsylvania, New Jersey, and Ohio, have also followed suit, either having implemented their own laws or being in the process of passing new privacy regulations.
Most recently, the American Data and Privacy Protection Act (ADPPA) went under review in the United States. This aims to provide a first-ever, federally mandated data privacy framework for the country.
In Europe, alongside the GDPR, the Network and Information Systems Directive (NIS2) expands on the original NIS1 directive to enhance cybersecurity requirements. It applies to organizations considered essential infrastructure and covers areas like perimeter security, building access, visitor management, and disaster recovery.
The European Union also has the Artificial Intelligence Act (EU AI Act), a regulation designed to oversee the development and use of AI systems. This legislation aims to ensure that AI in the EU is safe, transparent, traceable, fair, and sustainable. It classifies AI applications into risk levels and imposes penalties for non-compliance, which can reach up to 35 million euros or 7% of global annual revenue.
In the United Kingdom, the UK GDPR and the Data Protection Act 2018 are the main pieces of data protection legislation. But in late 2021, the UK government began re-assessing existing laws under a formal consultation called “Data: A new direction.” Months later, in July 2022, the Data Protection and Digital Information Bill (UK Data Reform Bill) was first introduced in the UK Parliament. The bill aims to make data protection laws simpler and more suited to the UK’s needs post-Brexit while still focusing on protecting personal data. It is currently going through the legislative process and could bring significant changes to how organizations handle data in the UK. The government announced that reforms to the UK’s privacy legislation were on the horizon, stating:
“The reforms proposed in the consultation provide an opportunity for the UK to reshape its approach to regulation outside of the EU and seize opportunities with its new regulatory freedoms.”
These are a mere glimpse of the changes to international data privacy laws. From New Zealand and South Africa to Bahrain and India, countries in every corner of the world are taking privacy matters seriously and making amendments that organizations need to keep up with.
Key principles of data protection
Data minimization, user consent, and transparency are key to global data protection laws like the GDPR and CCPA. These rules ensure that companies collect only the necessary personal information, obtain clear consent from individuals before using their data, and are transparent about how data is handled. By following these guidelines, organizations can protect privacy and meet legal requirements, avoiding risks like fines or legal challenges. The GDPR and CCPA set clear standards for these practices to help maintain trust and compliance.
“A company that does not comply with privacy and data protection laws, that does not adopt the necessary measures to safeguard the personal data it handles and stores, is a company that will end up losing the trust of its customers, its employees, its partners and, in the long run, it will result in economic losses.”
– Consultant, 2025 State of Physical Security Report, Genetec, Inc.
How your organization can protect physical security data
For your security team, protecting people and assets sometimes requires collecting personal data. This happens when using video surveillance, check-in kiosks, security checkpoints with biometrics technology, automatic license plate recognition, intrusion detection, and tracking systems.
While all data protection and privacy laws have unique mandates, it’s important to assess your data usage and the policies you have in place.
This can include asking questions such as:
- What types of data are we collecting?
- How are we collecting it?
- Where is all our data being stored?
- Who is accessing our data?
- With whom and how are we sharing our data?
6 tips for privacy compliance
- Keep up with industry and government privacy regulations to ensure the ways in which you manage, transmit, and store your physical security data always meet the standards.
- Use built-in cybersecurity tools such as strong encryption to protect data both in transit and at rest.
- Choose security products that give you full control and visibility over who has access to your data, and who can manage the accessibility.
- Implement video anonymization tools to monitor and share physical security information while respecting individuals’ privacy.
- Use privacy tools like secure cloud services and automated compliance systems to make it easier to follow changing regulations.
- Hire a data protection officer to assess and oversee compliance with data practices and policies.
Stay on top of compliance right from the start
If you’re shopping for a new physical security solution, you’ll want to consider options that have privacy integrated right from the start—known as Privacy by Design.
Privacy and cybersecurity should be the default mode of operation for all organizations. When your physical security solution is designed from the ground up with privacy in mind, you don't have to choose between protecting the privacy of individuals and your organization’s physical security.
“People often approach security and privacy in a zero-sum manner. You can only have a positive gain in one area, always at the loss of the other. This either-or, win-lose, zero-sum model is so dated. Throw it out the window. The term privacy assumes a much broader scope of protection than security alone. If you don't have a strong foundation of security from end to end, with a full lifecycle of protection in this day and age of daily hacks, you're not going to have any privacy.”
– Dr. Ann Cavoukian, Executive Director at Global Privacy and Security by Design
How data privacy and cybersecurity go hand-in-hand
According to the 2025 State of Physical Security Report, 71% of respondents said that they are educating users on cybersecurity best practices, and 44% reported hardening their security infrastructure in 2024. While many already have cybersecurity and privacy measures deployed, cybersecurity concerns continue to rise and are a top factor slowing the adoption of new technology. In fact, 47% of IT respondents prioritized deploying cybersecurity tools in 2024.
Here are a few tools and strategies to keep your cyber hygiene strong:
- Invest in a unified security strategy: Using a unified platform, you won’t have to waste time checking different solutions to ensure cyber hygiene or track your system’s health status. Instead, you’ll be able to stay in control of the data from all your systems through a single interface.
- Automate your video and data retention: Keeping sensitive information longer than you need goes against many new privacy laws and exposes your organization to unnecessary risk. Instead, automate retention schedules to track how long files are kept and ensure compliance with policies.
- Simplify software and device maintenance: Invest in security solutions that alert you to software and firmware updates, so you always have the latest defense against vulnerabilities. Having a system that prompts you to automatically rotate passwords also helps strengthen cyber resilience.
Get in on privacy tools like Privacy Protector
The KiwiVision™ Privacy Protector module of Security Center ensures the privacy of individuals when monitoring or sharing video surveillance.
Privacy Protector dynamically masks the identity of individuals in live and recorded video. This way, your operators only see what they need to see, preventing unnecessary intrusions of privacy. Using permissions, you can also easily control which operator can review the original footage.
If an incident occurs, authorized operators with specified access rights can view the unmasked video directly from your Security Center platform. The original recording can also be encrypted using security certificates to prevent unauthorized access.
