Light Dark
November 14, 2016 By Larry Loeb 2 min read

For the last five years, Forrester has issued a heat map illustrating the privacy protection guidelines and practices of 54 different countries. It brings to light some overall trends that are emerging on the global scale.

Contradicting Trends

There are two seemingly contradictory trends. While governments increased protection of personally identifiable information (PII) for their citizens in the commercial area, they also made it easier for law enforcement to obtain this same information.

SecurityWeek noted that the European Union’s (EU) General Data Protection Regulation (GDPR) exemplifies this contradiction. These regulations strictly control how enterprises use PII; simultaneously, the EU is introducing new surveillance legislation that will greatly increase the government’s ability to monitor its citizens.

Some of these trends may not be readily apparent to those outside the EU. The Netherlands and Finland, for example, have the most restrictive privacy regulations in place, according to the heat map. Those countries are quick to hold a business accountable for improper PII use within the enterprise, but they are also enacting laws that enable their governments to perform surveillance on citizens.

“The balance between security intelligence and personal privacy continues to pit governments against citizens,” Forrester analyst Chris Sherman wrote in Forbes.

Preliminary Preparations for Privacy Protection

Forrester found that other countries were using the European standard as the model for their own legislation on data privacy. Some countries even established new governmental bodies to enforce privacy, such as Japan with its Privacy Protection Commission.

Additionally, enterprises expect the GDPR to affect business on a global scale. The GDPR will apply to foreign companies that do business in the EU or collect EU residents’ data. That means the EU can penalize foreign firms for noncompliance once the compliance date has passed.

South Korea followed the GPDR spirit in March by imposing stiff penalties on telecommunications companies and online service providers for privacy violations. This shows that foreign companies that do business in the EU are trying to establish conformance with the GPDR — despite not being directly governed by those regulations — so that their business can continue and grow in the new environment.

U.S. companies doing business in the EU will surely be affected as well. Companies will have to rethink and retool their data privacy practices to continue to do business in the EU; that will be true no matter where a company is based.

May 2018 is the deadline for full compliance with GDPR.

 | 
Larry Loeb
Principal, PBC Enterprises

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature