GDPR Matchup Series
This series looks at global laws and matches them up against the GDPR, with an aim of helping determine how much duplication of operational effort that may be avoided while moving toward GDPR compliance.
This series provides a comparative, practical lens for understanding how data protection laws around the world align with and diverge from the GDPR, helping organizations anticipate operational overlap, minimize redundant compliance efforts, and identify where local obligations require distinct approaches. The series highlights both shared principles and critical points of differentiation in areas such as legal bases for processing, individual rights, cross‑border transfer requirements, enforcement models, and breach‑notification standards.
Through these structured matchups, readers gain a clearer view of how global privacy regimes map onto GDPR expectations, and where harmonization or divergence may shape their compliance strategies.
Series Overview
APEC Privacy Framework and Cross-Border Privacy Rules
This article compares the APEC Privacy Framework and its Cross‑Border Privacy Rules system with the GDPR, highlighting differences in enforcement, accountability, and cross‑border data transfer mechanisms.
View article
Argentina’s draft Data Protection Act
This article analyzes Argentina’s proposed Data Protection Act in relation to the GDPR, examining parallels in data subject rights, legal bases for processing, and international transfer requirements.
View article
Australia's Privacy Act 1988
This article reviews how Australia’s Privacy Act aligns with and diverges from the GDPR, focusing on consent standards, enforcement powers, and the scope of regulated entities.
View article
Brazil's General Data Protection Law
This article compares Brazil’s LGPD with the GDPR, emphasizing their shared principles, differences in legal bases, and approaches to enforcement and data subject rights.
View article
California Consumer Privacy Act 2018
This article contrasts the CCPA with the GDPR, examining distinctions in consumer rights, definitions of personal information, and regulatory enforcement.
View article
Canada's Personal Information Protection and Electronic Documents Act
This article evaluates PIPEDA against the GDPR, assessing differences in consent requirements, accountability mechanisms, and the treatment of cross‑border data flows.
View article
China’s Cybersecurity Law
This article compares China’s Cybersecurity Law with the GDPR, focusing on data localization mandates, security obligations, and the scope of governmental oversight.
View article
Hong Kong’s Personal Data (Privacy) Ordinance
This article analyzes how Hong Kong’s PDPO aligns with the GDPR, highlighting contrasts in enforcement strength, breach notification requirements, and data subject rights.
View article
Japan’s Act on the Protection of Personal Information
This article examines APPI in relation to the GDPR, assessing similarities in principles and key rights, as well as differences in cross‑border transfer rules and regulatory powers.
View article
Mexico's Federal Data Protection Law Held by Private Parties and its Regulations
This article compares Mexico’s privacy framework with the GDPR, reviewing differences in consent, data controller obligations, and sanctions for noncompliance.
View article
New Zealand's Privacy Act 1993
This article evaluates New Zealand’s Privacy Act alongside the GDPR, focusing on contrasts in individual rights, breach reporting, and the act’s overall scope.
View article
Philippines’ Data Privacy Act and its Implementing Rules and Regulations
This article analyzes the Philippines’ Data Privacy Act and its implementing rules against the GDPR, comparing regulatory structures, consent mechanisms, and data protection principles.
View article
Singapore’s Personal Data Protection Act
This article contrasts Singapore’s PDPA with the GDPR, emphasizing differences in enforcement authority, mandatory breach reporting, and data subject rights.
View article
South Africa's Protection of Personal Information Act
This article compares POPIA with the GDPR, highlighting common principles as well as distinctions in enforcement, processing limitations, and conditions for lawful processing.
View article
Turkey's Data Protection Law
This article examines Turkey’s Data Protection Law in relation to the GDPR, noting areas of alignment on core principles and points of divergence in rights and enforcement.
View article
US Children's Online Privacy Protection Act
This article reviews COPPA through a GDPR lens, contrasting their approaches to children’s data, consent requirements, and scope of applicability.
View article
US financial privacy laws
This article analyzes key U.S. financial privacy laws—such as GLBA—against the GDPR, examining differences in sector‑specific regulation, consumer rights, and enforcement models.
View article
US Health Insurance Portability and Accountability Act
This article compares HIPAA’s health data protections with the GDPR, focusing on consent, data subject rights, and differing scopes of application.
View article
US state data breach laws
This article surveys U.S. state data breach notification laws and compares them to the GDPR’s unified breach framework, highlighting differences in timelines, thresholds, and enforcement.
View article
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEs
