DDI_WLD_2020_GDRD_v01_M_M_WB Development Data Group 2021-03-16 NADA V01 Global Data Regulation Diagnostic Survey Dataset 2021 GDRD 2021 WLD_2020_GDRD_v01_M World Bank Cheng Rong David Satola Adele Barzelay (c) 2021, World Bank NADA United States Agency for International Development World Development Report 2021 Rong Chen WDR 2021 Team Administrative Records, Other (ad/oth] - v2.1: Edited, anonymous dataset for public distribution. The Global Data Regulation Diagnostic provides a comprehensive assessment of the quality of the data governance environment. Diagnostic results show that countries have put in greater effort in adopting enabler regulatory practices than in safeguard regulatory practices. However, for public intent data, enablers for private intent data, safeguards for personal and nonpersonal data, cybersecurity and cybercrime, as well as cross-border data flows. Across all these dimensions, no income group demonstrates advanced regulatory frameworks across all dimensions, indicating significant room for the regulatory development of both enablers and safeguards remains at an intermediate stage: 47 percent of enabler good practices and 41 percent of good safeguard practices are adopted across countries. Under the enabler and safeguard pillars, the diagnostic covers dimensions of e-commerce/e-transactions, enablers further improvement on data governance environment. The Global Data Regulation Diagnostic is the first comprehensive assessment of laws and regulations on data governance. It covers enabler and safeguard regulatory practices in 80 countries providing indicators to assess and compare their performance. This Global Data Regulation Diagnostic develops objective and standardized indicators to measure the regulatory environment for the data economy across countries. The indicators aim to serve as a diagnostic tool so countries can assess and compare their performance vis-á-vis other countries. Understanding the gap with global regulatory good practices is a necessary first step for governments when identifying and prioritizing reforms. Afghanistan Angola Argentina Armenia Australia Bangladesh Benin Bolivia Brazil Burkina Faso Cambodia Cameroon Canada Chile China Colombia Congo, Dem. Rep. Côte d'Ivoire Dominican Republic Egypt, Arab Rep. Estonia Ethiopia Gabon Gambia Georgia Ghana Haiti Honduras India Indonesia Iran, Islamic Rep. Iraq Israel Jordan Kazakhstan Kenya Korea, Rep. Kyrgyz Republic Lao PDR Lebanon Liberia Madagascar Malawi Malaysia Mali Mauritius Mexico Moldova Morocco Myanmar Nepal Nicaragua Nigeria Oman Pakistan Papua New Guinea Peru Philippines Qatar Russian Federation Rwanda Saudi Arabia Senegal Sierra Leone Singapore South Africa Sri Lanka Tajikistan Tanzania Thailand Togo Tunisia Turkiye Uganda Ukraine United Arab Emirates United Kingdom Uruguay Uzbekistan Vietnam 80 countries Country Observation data/ratings [obs] The scope of the study includes: A. Safeguard rights in data flows and the (re)use of data 1. Legal basis for data protection Personal data protection/privacy 2. Lawfulness 3. Exceptions to limitations on data collection, processing and transfer 4. Consent 5. Purpose limitation, proportionality, data minimization 6. Data quality 7. Accountability 8. Sensitive personal data 9. Storage limitations 10. Privacy by design 11. Limitations on data sharing Intermediary liability 12. Definition of liability 13. Scope of liability 14. Due process Individual rights 15. Right to be notified of a data breach 16. Right to access and review use of personal data 17. Right to challenge accuracy and to rectification of personal data 18. Right to withdraw consent to data processing 19. Right to deletion of personal data (“right to be forgotten”) 20. Automated decisions 21. Redress 22. Institutional arrangements to enforce personal data protection Safeguards specific to non-personal data 23. Intellectual Property Rights 24. Net Neutrality Cybersecurity and cybercrime 25. Data security 26. Internal adoption of cybersecurity standards 27. Cybercrime: criminalized activities 28. Cybersecurity infrastructure and enforcement agency (CERT) Cross-border data flows 29. Data localization/local processing 30. Adequacy and mutual recognition arrangements 31. Regional integration and harmonization B. Enable data transactions/flows and the (re)use of data 32. Legal basis for e-commerce/transactions 33. Legal (functional) equivalence 34. E-Signature 35. Exceptions to e-signature 36. Certification authority (CA) for digital signatures 37. Technological neutrality 38. Data portability 39. Use, reuse, and sharing of public sector data 40. Primary ID system 41. ID credential 42. ID data verification 43. Digital ID system for online service access 44. Interoperability of data 45. Access to Information 46. Open data 47. Data classification Restrictions on use/reuse of public sector data 48. Intellectual Property Rights (IPRs) and licensing of public sector data 49. Sharing-friendly license 50. Data archiving and Digital preservation Use, reuse and sharing of private sector data 51. Data sharing regimes for private sector data 52. Role/mandate of antitrust authorities 53. Voluntary licensing of Intellectual Property Rights (IPRs) for private sector 54. Data-related codes of conduct Aliaksandra Tyhrytskaya Federico Cardenas Chacon Lillyana Sophia Daza Jaller New Doe Kaledzi Nicolas Conserva Paris Gkartzonikasm The diagnostic is based on a detailed assessment of domestic laws, regulations, and administrative requirements in 80 countries selected to ensure a balanced coverage across income groups, regions, and different levels of digital technology development. Data are further verified through a detailed desk research of legal texts, reflecting the regulatory status of each country as of June 1, 2020. Mail Questionnaire [mail] The questionnaire comprises 37 questions designed to determine if a country has adopted good regulatory practice on data governance. The responses are then scored and assigned a normative interpretation. Related questions fall into seven clusters so that when the scores are averaged, each cluster provides an overall sense of how it performs in its corresponding regulatory and legal dimensions. These seven dimensions are: (1) E-commerce/e-transaction; (2) Enablers for public intent data; (3) Enablers for private intent data; (4) Safeguards for personal data; (5) Safeguards for nonpersonal data; (6) Cybersecurity and cybercrime; (7) Cross-border data transfers. Standard questionnaires are used to collect the data and are completed mainly by lawyers specializing in data governance and information and communication technology (ICT) providing a detailed desk review of legal texts as of June 1, 2020. Unweighted 100% Cheng Rong Microdata Library Use of the dataset must be acknowledged using a citation which would include: - the Identification of the Primary Investigator - the title of the survey (including country, acronym and year of implementation) - the survey reference number - the source and date of download Example: World Bank. World-Global Data Regulation Diagnostic (GDRD) Survey Dataset 2021. Ref: WLD_2020_GDRD_v01_M. Downloaded from [url] on [date] The user of the data acknowledges that the original collector of the data, the authorized distributor of the data, and the relevant funding agency bear no responsibility for use of the data or for interpretations or inferences based upon such uses. enablers.dta This file contains data from Questionnaire Section B: Enable data transactions/flows and the (re)use of data The section focuses on legal requirements related to e-signature, data portability, interoperability, digital ID system, open data and other mechanisms to enable and promote the use, reuse and sharing of public and private sector data. 81 40 safeguards.dta This file contains data from Questionnaire Section A: Safeguard rights in data flows and the (re)use of data The following section focuses on legal requirements that protect fundamental rights in personal/mixed/sensitive data and commercial rights in non-personal data. Issues covered include data protection, cybersecurity/cybercrime, cross-border data flows and intermediary liability. 80 60 Country code Country code Country code Country code Country code 81 * Sysmiss Country name Country name Country name Country name Country name 81 Region name Region name Region name Region name Region name 81 East Asia & Pacific Europe & Central Asia Latin America & Caribbean Middle East & North Africa North America South Asia Sub-Saharan Africa WB Income group WB Income group WB Income group WB Income group WB Income group 81 High income Low income Lower middle income Upper middle income 1. E-Commerce:Legal basis for e-commerce/transactions 1. E-Commerce:Legal basis for e-commerce/transactions 1. E-Commerce:Legal basis for e-commerce/transactions 1. E-Commerce:Legal basis for e-commerce/transactions 1. E-Commerce:Legal basis for e-commerce/transactions 32. Legal basis for e-commerce/transactions Is there a law or regulation that explicitly governs e-commerce/e-transactions? 81 No Yes 2. E-Commerce:Legal(functional)equivalence 2. E-Commerce:Legal(functional)equivalence 2. E-Commerce:Legal(functional)equivalence 2. E-Commerce:Legal(functional)equivalence 2. E-Commerce:Legal(functional)equivalence 33. Legal (functional) equivalence Does any law include provisions that grant legal (functional) equivalence between paper-based and electronic communications, contracts, signatures and records? If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): 81 No Yes E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Electronic communications/ messages 81 N/A No Yes E-Commerce:Electronic contracts E-Commerce:Electronic contracts E-Commerce:Electronic contracts E-Commerce:Electronic contracts E-Commerce:Electronic contracts If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Electronic contracts 81 N/A No Yes E-Commerce:Electronic signatures E-Commerce:Electronic signatures E-Commerce:Electronic signatures E-Commerce:Electronic signatures E-Commerce:Electronic signatures If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Electronic signatures 81 N/A Yes E-Commerce:E-evidence E-Commerce:E-evidence E-Commerce:E-evidence E-Commerce:E-evidence E-Commerce:E-evidence If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - E-evidence 81 N/A No Yes 3.1.E-Commerce:E-signatures legally recognized in your country - All leg sign. 3.1.E-Commerce:E-signatures legally recognized in your country - All leg sign. 3.1.E-Commerce:E-signatures legally recognized in your country - All leg sign. 3.1.E-Commerce:E-signatures legally recognized in your country - All leg sign. 3.1.E-Commerce:E-signatures legally recognized in your country - All leg sign. 34. E-Signature What types of electronic signatures are legally recognized in your country? - All legal signatures 81 No Yes 3.2.E-Commerce:E-signatures legally recognized in your country - Only dig. sign. 3.2.E-Commerce:E-signatures legally recognized in your country - Only dig. sign. 3.2.E-Commerce:E-signatures legally recognized in your country - Only dig. sign. 3.2.E-Commerce:E-signatures legally recognized in your country - Only dig. sign. 3.2.E-Commerce:E-signatures legally recognized in your country - Only dig. sign. 34. E-Signature What types of electronic signatures are legally recognized in your country? - Only digital signatures (e.g. PKI) 81 No Yes 4.E-Commerce:Technological neutrality 4.E-Commerce:Technological neutrality 4.E-Commerce:Technological neutrality 4.E-Commerce:Technological neutrality 4.E-Commerce:Technological neutrality 37. Technological neutrality Does the law or regulations prescribe a specific form or condition for any of the following: - 81 No Yes E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages E-Commerce:Electronic communications/ messages 37. Technological neutrality Does the law or regulations prescribe a specific form or condition for any of the following: - Electronic communications/ messages 81 N/A No Yes E-Commerce:Electronic contracts E-Commerce:Electronic contracts E-Commerce:Electronic contracts E-Commerce:Electronic contracts E-Commerce:Electronic contracts 37. Technological neutrality Does the law or regulations prescribe a specific form or condition for any of the following: - Electronic contracts 81 N/A No Yes E-Commerce:Electronic signatures E-Commerce:Electronic signatures E-Commerce:Electronic signatures E-Commerce:Electronic signatures E-Commerce:Electronic signatures 37. Technological neutrality Does the law or regulations prescribe a specific form or condition for any of the following: - Electronic signatures 81 N/A No Yes 5.E-Commerce:Digital ID system for online service access 5.E-Commerce:Digital ID system for online service access 5.E-Commerce:Digital ID system for online service access 5.E-Commerce:Digital ID system for online service access 5.E-Commerce:Digital ID system for online service access 43. Digital ID system for online service access Is there a digital ID system that enables individuals to authenticate themselves online to access governmental services? (E.g., e-tax filing, online benefits application) 81 No Yes 6.Public Intent Data:Governmental/official entities mandated to use common tech. 6.Public Intent Data:Governmental/official entities mandated to use common tech. 6.Public Intent Data:Governmental/official entities mandated to use common tech. 6.Public Intent Data:Governmental/official entities mandated to use common tech. 6.Public Intent Data:Governmental/official entities mandated to use common tech. 39. Use, reuse, and sharing of public sector data Are governmental/official entities mandated to use common technical standards (e.g. “FAIR”)4 that enable interoperability of systems, registries, data bases? 81 N/A No Yes Public Intent Data:Established standards for open APIs for G2G/G2B/G2C services Public Intent Data:Established standards for open APIs for G2G/G2B/G2C services Public Intent Data:Established standards for open APIs for G2G/G2B/G2C services Public Intent Data:Established standards for open APIs for G2G/G2B/G2C services Public Intent Data:Established standards for open APIs for G2G/G2B/G2C services If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Established standards for open APIs for G2G/G2B/G2C services 81 N/A No Yes Public Intent Data:Mandated 'ask once' principle Public Intent Data:Mandated 'ask once' principle Public Intent Data:Mandated 'ask once' principle Public Intent Data:Mandated 'ask once' principle Public Intent Data:Mandated 'ask once' principle If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Mandated “ask once” principle 81 N/A No Yes Public Intent Data:Standardized communications protocol for accessing metadata Public Intent Data:Standardized communications protocol for accessing metadata Public Intent Data:Standardized communications protocol for accessing metadata Public Intent Data:Standardized communications protocol for accessing metadata Public Intent Data:Standardized communications protocol for accessing metadata If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Standardized communications protocol for accessing metadata 81 N/A No Yes Public Intent Data:Semantic catalogues for data and metadata Public Intent Data:Semantic catalogues for data and metadata Public Intent Data:Semantic catalogues for data and metadata Public Intent Data:Semantic catalogues for data and metadata Public Intent Data:Semantic catalogues for data and metadata If yes, please mark below as appropriate and specify the relevant legal basis (law/regulation, article etc.): - Semantic catalogues for data and metadata 81 N/A No Yes 7.1.Public Intent Data:Open Data Act applicable across the entire public sector 7.1.Public Intent Data:Open Data Act applicable across the entire public sector 7.1.Public Intent Data:Open Data Act applicable across the entire public sector 7.1.Public Intent Data:Open Data Act applicable across the entire public sector 7.1.Public Intent Data:Open Data Act applicable across the entire public sector 46. Open data Is there an Open Data Act or open data policy applicable across the entire public sector? - Yes, an Open Data Act 81 No Yes 7.2.Public Intent Data:Open data policy applicable across the entire public sect 7.2.Public Intent Data:Open data policy applicable across the entire public sect 7.2.Public Intent Data:Open data policy applicable across the entire public sect 7.2.Public Intent Data:Open data policy applicable across the entire public sect 7.2.Public Intent Data:Open data policy applicable across the entire public sect 46. Open data Is there an Open Data Act or open data policy applicable across the entire public sector? - Yes, an Open Data policy 81 No Yes 7.3.Public Intent Data:No applicable Open Data Act or Policy 7.3.Public Intent Data:No applicable Open Data Act or Policy 7.3.Public Intent Data:No applicable Open Data Act or Policy 7.3.Public Intent Data:No applicable Open Data Act or Policy 7.3.Public Intent Data:No applicable Open Data Act or Policy 46. Open data Is there an Open Data Act or open data policy applicable across the entire public sector? - No 81 No Yes 8.Public Intent Data:Is there a government data classification policy/directive? 8.Public Intent Data:Is there a government data classification policy/directive? 8.Public Intent Data:Is there a government data classification policy/directive? 8.Public Intent Data:Is there a government data classification policy/directive? 8.Public Intent Data:Is there a government data classification policy/directive? 47. Data classification Is there a government data classification policy/directive? 81 No Yes 9.Public Intent Data:Mandatory to use the common data classification categories. 9.Public Intent Data:Mandatory to use the common data classification categories. 9.Public Intent Data:Mandatory to use the common data classification categories. 9.Public Intent Data:Mandatory to use the common data classification categories. 9.Public Intent Data:Mandatory to use the common data classification categories. 47. Data classification Is it mandatory to use the common data classification categories across all government database applications or document management systems? 81 N/A No Yes 10.Public Intent Data:Right to Information/Access to Information (ATI) legisl.. 10.Public Intent Data:Right to Information/Access to Information (ATI) legisl.. 10.Public Intent Data:Right to Information/Access to Information (ATI) legisl.. 10.Public Intent Data:Right to Information/Access to Information (ATI) legisl.. 10.Public Intent Data:Right to Information/Access to Information (ATI) legisl.. 45. Access to Information Has Right to Information/Access to Information (ATI) legislation been passed that grants individuals the right to request access to government records or data? 81 No Yes 11.Does the law provide for limitations or exceptions... 11.Does the law provide for limitations or exceptions... 11.Does the law provide for limitations or exceptions... 11.Does the law provide for limitations or exceptions... 11.Does the law provide for limitations or exceptions... Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply 81 No Yes Public Intent Data:Sensitive information on national security, defense, or forei Public Intent Data:Sensitive information on national security, defense, or forei Public Intent Data:Sensitive information on national security, defense, or forei Public Intent Data:Sensitive information on national security, defense, or forei Public Intent Data:Sensitive information on national security, defense, or forei Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply - Sensitive information on national security, defense, or foreign policy grounds 81 N/A No Yes Public Intent Data:Trade secrets or other commercial interests Public Intent Data:Trade secrets or other commercial interests Public Intent Data:Trade secrets or other commercial interests Public Intent Data:Trade secrets or other commercial interests Public Intent Data:Trade secrets or other commercial interests Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply - Trade secrets or other commercial interests 81 N/A No Yes Public Intent Data:Personal data Public Intent Data:Personal data Public Intent Data:Personal data Public Intent Data:Personal data Public Intent Data:Personal data Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply - Personal data 81 N/A No Yes Public Intent Data:Law enforcement Public Intent Data:Law enforcement Public Intent Data:Law enforcement Public Intent Data:Law enforcement Public Intent Data:Law enforcement Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply - Law enforcement 81 N/A No Yes Public Intent Data:Privileged information Public Intent Data:Privileged information Public Intent Data:Privileged information Public Intent Data:Privileged information Public Intent Data:Privileged information Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply - Privileged information 81 N/A No Yes Public Intent Data:Public investigations and audits Public Intent Data:Public investigations and audits Public Intent Data:Public investigations and audits Public Intent Data:Public investigations and audits Public Intent Data:Public investigations and audits Does the law provide for limitations or exceptions to this right of requesting access to government records or data? Please check all that apply - Public investigations and audits 81 N/A No yes Yes 12.Public Intent Data:Government adopted an open licensing regime 12.Public Intent Data:Government adopted an open licensing regime 12.Public Intent Data:Government adopted an open licensing regime 12.Public Intent Data:Government adopted an open licensing regime 12.Public Intent Data:Government adopted an open licensing regime 49. Sharing-friendly license Has the government adopted an open licensing regime (such as a Creative Common license by Attribution)? 81 No Yes 13.Private Intent Data:Individual right to request their personal data transfer. 13.Private Intent Data:Individual right to request their personal data transfer. 13.Private Intent Data:Individual right to request their personal data transfer. 13.Private Intent Data:Individual right to request their personal data transfer. 13.Private Intent Data:Individual right to request their personal data transfer. 38. Data portability Do individuals have the right to request that a controller transfer their personal data to another service or product provider? 81 No Yes 14.Private Intent Data:Individual right to obtain data in structured machine-rea 14.Private Intent Data:Individual right to obtain data in structured machine-rea 14.Private Intent Data:Individual right to obtain data in structured machine-rea 14.Private Intent Data:Individual right to obtain data in structured machine-rea 14.Private Intent Data:Individual right to obtain data in structured machine-rea 38. Data portability Do individuals have the right to obtain their data processed by a controller in a structured, commonly used and machine-readable format? 81 No Yes 15.Private Intent Data:Private sector service providers digitally verify or auth 15.Private Intent Data:Private sector service providers digitally verify or auth 15.Private Intent Data:Private sector service providers digitally verify or auth 15.Private Intent Data:Private sector service providers digitally verify or auth 15.Private Intent Data:Private sector service providers digitally verify or auth 42. ID data verification Can private sector service providers digitally verify or authenticate the identity of a person against data stored in the ID system? 81 N/A No Yes 16.Private Intent Data:Can Standard-setting organizations mandate patent/IPR... 16.Private Intent Data:Can Standard-setting organizations mandate patent/IPR... 16.Private Intent Data:Can Standard-setting organizations mandate patent/IPR... 16.Private Intent Data:Can Standard-setting organizations mandate patent/IPR... 16.Private Intent Data:Can Standard-setting organizations mandate patent/IPR... 53. Voluntary licensing of Intellectual Property Rights (IPRs) for private sector Can standard-setting organizations mandate patent/IPR holders to provide voluntary licensing access to “standard essential” data or applications on FRAND (fair, reasonable and non-discriminatory) terms? 81 No Yes Country code Country code Country code Country code Country code 80 * Sysmiss Country name Country name Country name Country name Country name 80 Region name Region name Region name Region name Region name 80 East Asia & Pacific Europe & Central Asia Latin America & Caribbean Middle East & North Africa North America South Asia Sub-Saharan Africa WB Income group WB Income group WB Income group WB Income group WB Income group 80 High income Low income Lower middle income Upper middle income 1.1.Personal Data:Legal basis for data protection 1.1.Personal Data:Legal basis for data protection 1.1.Personal Data:Legal basis for data protection 1.1.Personal Data:Legal basis for data protection 1.1.Personal Data:Legal basis for data protection 1. Legal basis for data protection Is there a data protection/privacy law of general application explicitly governing the use, collection, and processing of governing personal data (including sensitive data) and PII (“personal data”)? - Yes, there is a data protection law of general application governing personal data, PII and sensitive data; please specify 80 No Yes 1.2.Personal Data:Only sector-specific personal data protection and/or priv.laws 1.2.Personal Data:Only sector-specific personal data protection and/or priv.laws 1.2.Personal Data:Only sector-specific personal data protection and/or priv.laws 1.2.Personal Data:Only sector-specific personal data protection and/or priv.laws 1.2.Personal Data:Only sector-specific personal data protection and/or priv.laws 1. Legal basis for data protection Is there a data protection/privacy law of general application explicitly governing the use, collection, and processing of governing personal data (including sensitive data) and PII (“personal data”)? - No, there are only sector-specific personal data protection and/or privacy laws; please specify 80 No Yes 1.3.Personal Data:Privacy and/or data prot. rights protected in constitution.. 1.3.Personal Data:Privacy and/or data prot. rights protected in constitution.. 1.3.Personal Data:Privacy and/or data prot. rights protected in constitution.. 1.3.Personal Data:Privacy and/or data prot. rights protected in constitution.. 1.3.Personal Data:Privacy and/or data prot. rights protected in constitution.. 1. Legal basis for data protection Is there a data protection/privacy law of general application explicitly governing the use, collection, and processing of governing personal data (including sensitive data) and PII (“personal data”)? - No, there are privacy and/or data protection rights protected in the country's constitution 80 No Yes 1.4.Personal Data:No laws exist but significant court or admin. decisions... 1.4.Personal Data:No laws exist but significant court or admin. decisions... 1.4.Personal Data:No laws exist but significant court or admin. decisions... 1.4.Personal Data:No laws exist but significant court or admin. decisions... 1.4.Personal Data:No laws exist but significant court or admin. decisions... 1. Legal basis for data protection Is there a data protection/privacy law of general application explicitly governing the use, collection, and processing of governing personal data (including sensitive data) and PII (“personal data”)? - No, no laws exist but there have been significant court or administrative decisions that form the basis of or clarify privacy or data protection rights 80 No NO Yes 2.Personal Data:Exceptions to limitations on the coll. or processing of data 2.Personal Data:Exceptions to limitations on the coll. or processing of data 2.Personal Data:Exceptions to limitations on the coll. or processing of data 2.Personal Data:Exceptions to limitations on the coll. or processing of data 2.Personal Data:Exceptions to limitations on the coll. or processing of data 3. Exceptions to limitations on data collection, processing and transfer Does the relevant law/regulation provide exceptions to limitations on the collection or processing of data by government? (If No, please skip to question 4) 80 No Yes 3.Personal Data:Exceptions subject to a 'necessary and proportionate' test 3.Personal Data:Exceptions subject to a 'necessary and proportionate' test 3.Personal Data:Exceptions subject to a 'necessary and proportionate' test 3.Personal Data:Exceptions subject to a 'necessary and proportionate' test 3.Personal Data:Exceptions subject to a 'necessary and proportionate' test 3. Exceptions to limitations on data collection, processing and transfer Are these exceptions subject to a “necessary and proportionate” test to determine whether the exception is legitimately applied? 80 No Yes 4.Personal Data:Law/regulation require that coll. and use of pers. data be made. 4.Personal Data:Law/regulation require that coll. and use of pers. data be made. 4.Personal Data:Law/regulation require that coll. and use of pers. data be made. 4.Personal Data:Law/regulation require that coll. and use of pers. data be made. 4.Personal Data:Law/regulation require that coll. and use of pers. data be made. 5. Purpose limitation, proportionality, data minimization Does any law or regulation require that the collection and use of personal data be made for a stated purpose (or similar standard)? 80 No Yes 5.Personal Data:Law/regulation require that coll. and use of pers. data be pro.. 5.Personal Data:Law/regulation require that coll. and use of pers. data be pro.. 5.Personal Data:Law/regulation require that coll. and use of pers. data be pro.. 5.Personal Data:Law/regulation require that coll. and use of pers. data be pro.. 5.Personal Data:Law/regulation require that coll. and use of pers. data be pro.. 5. Purpose limitation, proportionality, data minimization Does any law or regulation require that the collection and use of personal data be proportionate, relevant, adequate and limited to what is necessary in relation to the purpose for which it is processed (or similar standard)? 80 No Yes 6.Personal Data:Storage limitation 6.Personal Data:Storage limitation 6.Personal Data:Storage limitation 6.Personal Data:Storage limitation 6.Personal Data:Storage limitation 9. Storage limitations Does any law or regulation require that personal data not be kept longer than is necessary for the purposes for which it is processed (or similar standard)? 80 No Yes 7.Personal Data:Privacy by design 7.Personal Data:Privacy by design 7.Personal Data:Privacy by design 7.Personal Data:Privacy by design 7.Personal Data:Privacy by design 10. Privacy by design Does any policy, law or regulation require data processors to incorporate technical and organizational privacy-by-design or privacy-by-default principles or use privacy-enhancing technologies (PETs) in the design and implementation of processing systems? 80 No Yes 8.Personal Data:Limitations on data sharing 8.Personal Data:Limitations on data sharing 8.Personal Data:Limitations on data sharing 8.Personal Data:Limitations on data sharing 8.Personal Data:Limitations on data sharing 11. Limitations on data sharing Do any laws, regulations or policies authorize, restrict or otherwise address sharing of personal data with third parties? If yes, does such law, regulation or policy require that the individual be notified of or give consent to such transfer? Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes 9.Personal Data:Right to challenge the accuracy and to rectification of personal 9.Personal Data:Right to challenge the accuracy and to rectification of personal 9.Personal Data:Right to challenge the accuracy and to rectification of personal 9.Personal Data:Right to challenge the accuracy and to rectification of personal 9.Personal Data:Right to challenge the accuracy and to rectification of personal 17. Right to challenge accuracy and to rectification of personal data Do individuals have the right to challenge the accuracy of information and have it rectified, completed, amended and/or deleted? 80 No Yes 10.Personal Data:Automated decisions 10.Personal Data:Automated decisions 10.Personal Data:Automated decisions 10.Personal Data:Automated decisions 10.Personal Data:Automated decisions 20. Automated decisions Are there rights to limit the making of decisions about individuals solely as a result of automated processing of personal data (i.e. without any human intervention)? 80 No Yes 11.Personal Data:Redress 11.Personal Data:Redress 11.Personal Data:Redress 11.Personal Data:Redress 11.Personal Data:Redress 21. Redress Do individuals have a right to object to the use of personal data about them, file complaints and seek redress? No (If No, please skip to question 22) 80 No Yes 12.Personal Data:Institutional arrangements to enforce personal data protection 12.Personal Data:Institutional arrangements to enforce personal data protection 12.Personal Data:Institutional arrangements to enforce personal data protection 12.Personal Data:Institutional arrangements to enforce personal data protection 12.Personal Data:Institutional arrangements to enforce personal data protection 22. Institutional arrangements to enforce personal data protection Does the law/regulation provide for the creation of a data protection authority/office (DPA/DPO)? (If No, please skip to question 23) 80 No Yes 13.Non-Personal Data:Intellectual property rights prevent data sharing? 13.Non-Personal Data:Intellectual property rights prevent data sharing? 13.Non-Personal Data:Intellectual property rights prevent data sharing? 13.Non-Personal Data:Intellectual property rights prevent data sharing? 13.Non-Personal Data:Intellectual property rights prevent data sharing? Safeguards specific to non-personal data 23. Intellectual Property Rights Can intellectual property rights be used to prevent the sharing of data? 80 No Yes 14.Non-Personal Data:Does the law include a provision regulating confidentiality 14.Non-Personal Data:Does the law include a provision regulating confidentiality 14.Non-Personal Data:Does the law include a provision regulating confidentiality 14.Non-Personal Data:Does the law include a provision regulating confidentiality 14.Non-Personal Data:Does the law include a provision regulating confidentiality Restrictions on use/reuse of public sector data 48. Intellectual Property Rights (IPRs) and licensing of public sector data Does the law include a provision regulating confidentiality or third-party rights in non-personal government data (e.g. company registers, business data underlying official statistics)? 80 N/A No Yes 15.Cybersecurity and Cybercrime:Data security - compliance with: 15.Cybersecurity and Cybercrime:Data security - compliance with: 15.Cybersecurity and Cybercrime:Data security - compliance with: 15.Cybersecurity and Cybercrime:Data security - compliance with: 15.Cybersecurity and Cybercrime:Data security - compliance with: Cybersecurity and cybercrime 25. Data security Do data processors/controllers have to comply with the following security requirements for the automated processing of personal data? Please check all that apply: 80 * Sysmiss Cybersecurity and Cybercrime:Encryption of personal data Cybersecurity and Cybercrime:Encryption of personal data Cybersecurity and Cybercrime:Encryption of personal data Cybersecurity and Cybercrime:Encryption of personal data Cybersecurity and Cybercrime:Encryption of personal data Cybersecurity and cybercrime 25. Data security If yes, please mark as appropriate below and provide the relevant legal basis (law/regulation, article etc.): - Encryption of personal data 80 No Yes Cybersecurity and Cybercrime:Anonymization/ pseudonymization of personal data Cybersecurity and Cybercrime:Anonymization/ pseudonymization of personal data Cybersecurity and Cybercrime:Anonymization/ pseudonymization of personal data Cybersecurity and Cybercrime:Anonymization/ pseudonymization of personal data Cybersecurity and Cybercrime:Anonymization/ pseudonymization of personal data Cybersecurity and cybercrime 25. Data security If yes, please mark as appropriate below and provide the relevant legal basis (law/regulation, article etc.): - Anonymization/ pseudonymization of personal data 80 No Yes Cybersecurity and Cybercrime:Integrity of data and systems that use or generate Cybersecurity and Cybercrime:Integrity of data and systems that use or generate Cybersecurity and Cybercrime:Integrity of data and systems that use or generate Cybersecurity and Cybercrime:Integrity of data and systems that use or generate Cybersecurity and Cybercrime:Integrity of data and systems that use or generate Cybersecurity and cybercrime 25. Data security If yes, please mark as appropriate below and provide the relevant legal basis (law/regulation, article etc.): - Integrity of data and systems that use or generate personal data 80 No Yes Cybersecurity and Cybercrime:Ability to restore data and sys. that use or genera Cybersecurity and Cybercrime:Ability to restore data and sys. that use or genera Cybersecurity and Cybercrime:Ability to restore data and sys. that use or genera Cybersecurity and Cybercrime:Ability to restore data and sys. that use or genera Cybersecurity and Cybercrime:Ability to restore data and sys. that use or genera Cybersecurity and cybercrime 25. Data security If yes, please mark as appropriate below and provide the relevant legal basis (law/regulation, article etc.): - Ability to restore data and systems that use or generate personal data after a physical or technical incident 80 No Yes Cybersecurity and Cybercrime:Ongoing tests, assessments and eval. of security... Cybersecurity and Cybercrime:Ongoing tests, assessments and eval. of security... Cybersecurity and Cybercrime:Ongoing tests, assessments and eval. of security... Cybersecurity and Cybercrime:Ongoing tests, assessments and eval. of security... Cybersecurity and Cybercrime:Ongoing tests, assessments and eval. of security... Cybersecurity and cybercrime 25. Data security If yes, please mark as appropriate below and provide the relevant legal basis (law/regulation, article etc.): - Ongoing tests, assessments and evaluation of security of systems that use or generate personal data 80 No Yes 16.Cybersecurity and Cybercrime:Internal adoption of cybersecurity standards 16.Cybersecurity and Cybercrime:Internal adoption of cybersecurity standards 16.Cybersecurity and Cybercrime:Internal adoption of cybersecurity standards 16.Cybersecurity and Cybercrime:Internal adoption of cybersecurity standards 16.Cybersecurity and Cybercrime:Internal adoption of cybersecurity standards 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: 80 * Sysmiss Cybersecurity and Cybercrime:Adoption of internal policy establishing procedures Cybersecurity and Cybercrime:Adoption of internal policy establishing procedures Cybersecurity and Cybercrime:Adoption of internal policy establishing procedures Cybersecurity and Cybercrime:Adoption of internal policy establishing procedures Cybersecurity and Cybercrime:Adoption of internal policy establishing procedures 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: - Adoption of an internal policy establishing procedures for preventing and detecting violations Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Confidentiality of data and systems that use or ... Cybersecurity and Cybercrime:Confidentiality of data and systems that use or ... Cybersecurity and Cybercrime:Confidentiality of data and systems that use or ... Cybersecurity and Cybercrime:Confidentiality of data and systems that use or ... Cybersecurity and Cybercrime:Confidentiality of data and systems that use or ... 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: - Confidentiality of data and systems that use or generate personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Appointment of a personal data processing office... Cybersecurity and Cybercrime:Appointment of a personal data processing office... Cybersecurity and Cybercrime:Appointment of a personal data processing office... Cybersecurity and Cybercrime:Appointment of a personal data processing office... Cybersecurity and Cybercrime:Appointment of a personal data processing office... 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: - Appointment of a personal data processing office/manager Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Performance of internal controls Cybersecurity and Cybercrime:Performance of internal controls Cybersecurity and Cybercrime:Performance of internal controls Cybersecurity and Cybercrime:Performance of internal controls Cybersecurity and Cybercrime:Performance of internal controls 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: - Performance of internal controls Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Assessment of harm that might be caused by data br. Cybersecurity and Cybercrime:Assessment of harm that might be caused by data br. Cybersecurity and Cybercrime:Assessment of harm that might be caused by data br. Cybersecurity and Cybercrime:Assessment of harm that might be caused by data br. Cybersecurity and Cybercrime:Assessment of harm that might be caused by data br. 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: - Assessment of the harm that might be caused by a data breach Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Awareness program among employees Cybersecurity and Cybercrime:Awareness program among employees Cybersecurity and Cybercrime:Awareness program among employees Cybersecurity and Cybercrime:Awareness program among employees Cybersecurity and Cybercrime:Awareness program among employees 26. Internal adoption of cybersecurity standards Do data processors/controllers have to comply with the following cybersecurity requirements? Please check all that apply: - Awareness program among employees Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes 17.Cybersecurity and Cybercrime:criminalized activities: 17.Cybersecurity and Cybercrime:criminalized activities: 17.Cybersecurity and Cybercrime:criminalized activities: 17.Cybersecurity and Cybercrime:criminalized activities: 17.Cybersecurity and Cybercrime:criminalized activities: 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: 80 Yea Yes YEs Cybersecurity and Cybercrime:Unauthorized access to systems or other databases.. Cybersecurity and Cybercrime:Unauthorized access to systems or other databases.. Cybersecurity and Cybercrime:Unauthorized access to systems or other databases.. Cybersecurity and Cybercrime:Unauthorized access to systems or other databases.. Cybersecurity and Cybercrime:Unauthorized access to systems or other databases.. 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Unauthorized access to systems or other databases holding personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Unauthorized interception of data from systems/data Cybersecurity and Cybercrime:Unauthorized interception of data from systems/data Cybersecurity and Cybercrime:Unauthorized interception of data from systems/data Cybersecurity and Cybercrime:Unauthorized interception of data from systems/data Cybersecurity and Cybercrime:Unauthorized interception of data from systems/data 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Unauthorized interception of data from systems or other databases holding personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Unauthorized damaging deletion, deterioration, alt. Cybersecurity and Cybercrime:Unauthorized damaging deletion, deterioration, alt. Cybersecurity and Cybercrime:Unauthorized damaging deletion, deterioration, alt. Cybersecurity and Cybercrime:Unauthorized damaging deletion, deterioration, alt. Cybersecurity and Cybercrime:Unauthorized damaging deletion, deterioration, alt. 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Unauthorized damaging deletion, deterioration, alteration or suppression of data collected or stored as part of databases holding personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Unauthorized interference with databases holding... Cybersecurity and Cybercrime:Unauthorized interference with databases holding... Cybersecurity and Cybercrime:Unauthorized interference with databases holding... Cybersecurity and Cybercrime:Unauthorized interference with databases holding... Cybersecurity and Cybercrime:Unauthorized interference with databases holding... 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Unauthorized interference with databases holding personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Misuse of devices or data for purpose of comm... Cybersecurity and Cybercrime:Misuse of devices or data for purpose of comm... Cybersecurity and Cybercrime:Misuse of devices or data for purpose of comm... Cybersecurity and Cybercrime:Misuse of devices or data for purpose of comm... Cybersecurity and Cybercrime:Misuse of devices or data for purpose of comm... 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Misuse of devices or data for the purpose of committing any of the above criminal behavior Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Unauthorized input,alteration,deletion/interference Cybersecurity and Cybercrime:Unauthorized input,alteration,deletion/interference Cybersecurity and Cybercrime:Unauthorized input,alteration,deletion/interference Cybersecurity and Cybercrime:Unauthorized input,alteration,deletion/interference Cybersecurity and Cybercrime:Unauthorized input,alteration,deletion/interference 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Unauthorized input, alteration, deletion or interference with a computer system or platform to procure an economic benefit which would apply to databases holding personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Fraudulent use/alteration of data/interference... Cybersecurity and Cybercrime:Fraudulent use/alteration of data/interference... Cybersecurity and Cybercrime:Fraudulent use/alteration of data/interference... Cybersecurity and Cybercrime:Fraudulent use/alteration of data/interference... Cybersecurity and Cybercrime:Fraudulent use/alteration of data/interference... 27. Cybercrime: criminalized activities Does any law criminalize the following activities? Please check all that are applicable: - Fraudulent use or alteration of data or interference with a computer system to procure an economic benefit which would apply to databases holding personal data Please specify the relevant legal basis (law/regulation, article etc.): 80 No Yes Cybersecurity and Cybercrime:Cybersecurity infrastructure and enforcement agency Cybersecurity and Cybercrime:Cybersecurity infrastructure and enforcement agency Cybersecurity and Cybercrime:Cybersecurity infrastructure and enforcement agency Cybersecurity and Cybercrime:Cybersecurity infrastructure and enforcement agency Cybersecurity and Cybercrime:Cybersecurity infrastructure and enforcement agency 28. Cybersecurity infrastructure and enforcement agency (CERT) Does any law, regulation or policy provide for the creation of a cyber-security strategy, infrastructure and institutions to identify, investigate, and address cyber-security threats? 80 No Yes Cybersecurity and Cybercrime:A cyber-security plan to protect key national infr. Cybersecurity and Cybercrime:A cyber-security plan to protect key national infr. Cybersecurity and Cybercrime:A cyber-security plan to protect key national infr. Cybersecurity and Cybercrime:A cyber-security plan to protect key national infr. Cybersecurity and Cybercrime:A cyber-security plan to protect key national infr. 28. Cybersecurity infrastructure and enforcement agency (CERT) Does any law, regulation or policy provide for the creation of a cyber-security strategy, infrastructure and institutions to identify, investigate, and address cyber-security threats? If yes, please mark as appropriate and specify the relevant legal basis (law/regulation, article etc.): - A cyber-security plan to protect key national infrastructure 80 N/A No Yes Cybersecurity and Cybercrime:A national CERT Cybersecurity and Cybercrime:A national CERT Cybersecurity and Cybercrime:A national CERT Cybersecurity and Cybercrime:A national CERT Cybersecurity and Cybercrime:A national CERT 28. Cybersecurity infrastructure and enforcement agency (CERT) Does any law, regulation or policy provide for the creation of a cyber-security strategy, infrastructure and institutions to identify, investigate, and address cyber-security threats? If yes, please mark as appropriate and specify the relevant legal basis (law/regulation, article etc.): - A national CERT 80 N/A No Yes 19.1.Cross-Border Data Flow: Adequacy approach 19.1.Cross-Border Data Flow: Adequacy approach 19.1.Cross-Border Data Flow: Adequacy approach 19.1.Cross-Border Data Flow: Adequacy approach 19.1.Cross-Border Data Flow: Adequacy approach 30. Adequacy and mutual recognition arrangements Under what conditions can local personal data be transferred to non-domestic third parties? - Adequacy approach Please specify the relevant legal basis (law/regulation, article etc.): 80 N/A No Yes 19.2.Cross-Border Data Flow: Accountability approach 19.2.Cross-Border Data Flow: Accountability approach 19.2.Cross-Border Data Flow: Accountability approach 19.2.Cross-Border Data Flow: Accountability approach 19.2.Cross-Border Data Flow: Accountability approach 30. Adequacy and mutual recognition arrangements Under what conditions can local personal data be transferred to non-domestic third parties? - Accountability approach Please specify the relevant legal basis (law/regulation, article etc.): 80 N/A No Yes 20.Cross-Border Data Flow:Arrangements with foreign countries or multinational.. 20.Cross-Border Data Flow:Arrangements with foreign countries or multinational.. 20.Cross-Border Data Flow:Arrangements with foreign countries or multinational.. 20.Cross-Border Data Flow:Arrangements with foreign countries or multinational.. 20.Cross-Border Data Flow:Arrangements with foreign countries or multinational.. 30. Adequacy and mutual recognition arrangements Does the country have arrangements with foreign countries or multinational entities or schemes, including decisions of domestic and foreign bodies or agencies, to require, permit or limit transfers of personal data between countries? Please check all that apply: 80 No Yes Cross-Border Data Flow:Adequacy decisions/ whitelists Cross-Border Data Flow:Adequacy decisions/ whitelists Cross-Border Data Flow:Adequacy decisions/ whitelists Cross-Border Data Flow:Adequacy decisions/ whitelists Cross-Border Data Flow:Adequacy decisions/ whitelists 30. Adequacy and mutual recognition arrangements Does the country have arrangements with foreign countries or multinational entities or schemes, including decisions of domestic and foreign bodies or agencies, to require, permit or limit transfers of personal data between countries? Please check all that apply: - adequacy decisions/ whitelists Please specify the relevant legal basis (law/regulation, article etc.): 80 N/A No Yes Cross-Border Data Flow:Binding corporate rules Cross-Border Data Flow:Binding corporate rules Cross-Border Data Flow:Binding corporate rules Cross-Border Data Flow:Binding corporate rules Cross-Border Data Flow:Binding corporate rules 30. Adequacy and mutual recognition arrangements Does the country have arrangements with foreign countries or multinational entities or schemes, including decisions of domestic and foreign bodies or agencies, to require, permit or limit transfers of personal data between countries? Please check all that apply: - binding corporate rules Please specify the relevant legal basis (law/regulation, article etc.): 80 N/A No Yes Cross-Border Data Flow:Mutual recognition arrangements Cross-Border Data Flow:Mutual recognition arrangements Cross-Border Data Flow:Mutual recognition arrangements Cross-Border Data Flow:Mutual recognition arrangements Cross-Border Data Flow:Mutual recognition arrangements 30. Adequacy and mutual recognition arrangements Does the country have arrangements with foreign countries or multinational entities or schemes, including decisions of domestic and foreign bodies or agencies, to require, permit or limit transfers of personal data between countries? Please check all that apply: - mutual recognition arrangements required information sharing through the Advance Passenger Information Please specify the relevant legal basis (law/regulation, article etc.): 80 N/A No Yes Cross-Border Data Flow:Treaties Cross-Border Data Flow:Treaties Cross-Border Data Flow:Treaties Cross-Border Data Flow:Treaties Cross-Border Data Flow:Treaties 30. Adequacy and mutual recognition arrangements Does the country have arrangements with foreign countries or multinational entities or schemes, including decisions of domestic and foreign bodies or agencies, to require, permit or limit transfers of personal data between countries? Please check all that apply: - System treaties Please specify the relevant legal basis (law/regulation, article etc.): 80 N/A No Yes 21.Cross-Border Data Flow:Circumstances constituting 'adequate level of protect. 21.Cross-Border Data Flow:Circumstances constituting 'adequate level of protect. 21.Cross-Border Data Flow:Circumstances constituting 'adequate level of protect. 21.Cross-Border Data Flow:Circumstances constituting 'adequate level of protect. 21.Cross-Border Data Flow:Circumstances constituting 'adequate level of protect. 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: 80 N/A No Yes Cross-Border Data Flow:The nature of the personal data Cross-Border Data Flow:The nature of the personal data Cross-Border Data Flow:The nature of the personal data Cross-Border Data Flow:The nature of the personal data Cross-Border Data Flow:The nature of the personal data 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - The nature of the personal data 80 N/A No Yes Cross-Border Data Flow:The purposes and period data are intended to be proc... Cross-Border Data Flow:The purposes and period data are intended to be proc... Cross-Border Data Flow:The purposes and period data are intended to be proc... Cross-Border Data Flow:The purposes and period data are intended to be proc... Cross-Border Data Flow:The purposes and period data are intended to be proc... 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - The purposes for which and period during which the data are intended to be processed 80 N/A No Yes Cross-Border Data Flow:The domestic law in force in the host country... Cross-Border Data Flow:The domestic law in force in the host country... Cross-Border Data Flow:The domestic law in force in the host country... Cross-Border Data Flow:The domestic law in force in the host country... Cross-Border Data Flow:The domestic law in force in the host country... 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - The domestic law in force in the host country (general and sectoral, including defense and access of public authorities to personal data) 80 N/A No Yes Cross-Border Data Flow:The existence and effective functioning... Cross-Border Data Flow:The existence and effective functioning... Cross-Border Data Flow:The existence and effective functioning... Cross-Border Data Flow:The existence and effective functioning... Cross-Border Data Flow:The existence and effective functioning... 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - The existence and effective functioning of one or more independent supervisory authorities in the third country to enforce compliance 80 N/A No Yes Cross-Border Data Flow:Presence of effective rule of law and judicial redress... Cross-Border Data Flow:Presence of effective rule of law and judicial redress... Cross-Border Data Flow:Presence of effective rule of law and judicial redress... Cross-Border Data Flow:Presence of effective rule of law and judicial redress... Cross-Border Data Flow:Presence of effective rule of law and judicial redress... 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - Presence of effective rule of law and judicial redress for data subjects 80 N/A No Yes Cross-Border Data Flow:The international treaties the host country is a party to Cross-Border Data Flow:The international treaties the host country is a party to Cross-Border Data Flow:The international treaties the host country is a party to Cross-Border Data Flow:The international treaties the host country is a party to Cross-Border Data Flow:The international treaties the host country is a party to 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - The international treaties the host country is a party to 80 N/A No Yes Cross-Border Data Flow:Relevant codes of conduct/rules enforceable in host ctry. Cross-Border Data Flow:Relevant codes of conduct/rules enforceable in host ctry. Cross-Border Data Flow:Relevant codes of conduct/rules enforceable in host ctry. Cross-Border Data Flow:Relevant codes of conduct/rules enforceable in host ctry. Cross-Border Data Flow:Relevant codes of conduct/rules enforceable in host ctry. 30. Adequacy and mutual recognition arrangements If the regime requires an “adequacy” or similar mechanism, what circumstances constitute an “adequate level of protection” when transferring personal data internationally? Please check all that apply: - Relevant codes of conduct or other rules enforceable in the host country (SCCs; BCRs) 80 N/A No Yes