Global Regulatory Database

Privacy Regulations Around the World

We continuously monitor changes to the 22 main global privacy laws. Every NakedPact report and every Trust Badge is measured and produced on the basis of these official directives.

Saudi Arabia

🇸🇦SA-PDPL

Saudi Personal Data Protection Law

Key Points to Watch:

Requires consent as the primary legal basis, limits cross-border data transfer unless approved under regulatory standards, mandates registration with SDAIA, requires data breach notification within strict timelines, and recognizes standard data subject rights.

Last Checked: 10 June 2026
Argentina

🇦🇷PDPA-AR

Ley de Protección de Datos Personales N° 25.326

Key Points to Watch:

Requires databases to be registered with the AAIP. Prior consent is mandatory for processing. Strictly limits international transfers to countries without adequate protection (similar to EU adequacy concept). Grants standard access/rectification/deletion rights.

Last Checked: 10 June 2026
Australia

🇦🇺APP

Australian Privacy Principles

Key Points to Watch:

13 principles governing the management of personal info. Includes obligations to have clear privacy policies, giving users anonymity/pseudonymity options where possible, strict limits on direct marketing, accountability for cross-border disclosures, and right to correct records.

Last Checked: 10 June 2026
Brazil

🇧🇷LGPD

Lei Geral de Proteção de Dados

Key Points to Watch:

Defines 10 legal bases for processing (similar to GDPR, including consent and legitimate interest). Mandates a Data Protection Officer (Encarregado), clear rights to access/delete/port data, mandatory security incident notification to ANPD, and strict administrative fines.

Last Checked: 10 June 2026
Canada

🇨🇦PIPEDA

Personal Information Protection and Electronic Documents Act

Key Points to Watch:

Governed by 10 Fair Information Principles: Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use/Disclosure/Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance. Requires mandatory breach reporting.

Last Checked: 10 June 2026
China

🇨🇳PIPL

Personal Information Protection Law

Key Points to Watch:

Strict consent requirements, rules for cross-border data transfer including security assessments by the CAC, data localization for critical infrastructure, right to opt-out of automated decision-making (algorithms), and severe penalties for non-compliance (up to 5% of annual turnover).

Last Checked: 10 June 2026
South Korea

🇰🇷PIPA

Personal Information Protection Act

Key Points to Watch:

One of the world's strictest privacy laws. Requires separate consent for different purposes, bans processing of unique identification numbers (like Resident Registration Numbers) unless authorized by law, mandates a Privacy Officer, and enforces severe criminal penalties.

Last Checked: 10 June 2026
United Arab Emirates

🇦🇪UAE-PDPL

Federal Decree-Law No. 45/2021 on Personal Data Protection

Key Points to Watch:

Applies to controllers and processors in the UAE or processing UAE citizens' data. Focuses on consent-based processing, data controller/processor obligations, rights to access/rectify/erase, and cross-border transfer requirements overseen by the UAE Data Office.

Last Checked: 10 June 2026
Philippines

🇵🇭DPA-PH

Data Privacy Act of 2012 (RA 10173)

Key Points to Watch:

Applies principles of transparency, legitimate purpose, and proportionality. Mandates security measures, DPO designation, notification of data breaches within 72 hours, rights to access/correct/object, and registration with the National Privacy Commission (NPC).

Last Checked: 10 June 2026
Japan

🇯🇵APPI

Act on the Protection of Personal Information

Key Points to Watch:

Requires consent for third-party data transfers (unless opt-out system is registered with PPC), strict definitions of sensitive personal info, rules for handling pseudonymized/anonymized information, and rules for international data transfers requiring equivalent protection systems.

Last Checked: 10 June 2026
India

🇮🇳DPDPA

Digital Personal Data Protection Act

Key Points to Watch:

Applies to digital personal data. Mandates clear, itemized notice and consent, defines 'Data Fiduciary' and 'Data Principal', strict rules on processing kids' data (verifiable parental consent, no tracking), right to correct/erase, and significant fines handled by DPBI.

Last Checked: 10 June 2026
Mexico

🇲🇽LFPDPPP

Ley Federal de Protección de Datos Personales en Posesión de los Particulares

Key Points to Watch:

Applies to private entities. Establishes principles of legality, consent, information, quality, purpose, loyalty, proportionality, and accountability. Recognizes ARCO rights (Access, Rectification, Cancellation, Opposition) and requires a detailed Privacy Notice (Aviso de Privacidad).

Last Checked: 10 June 2026
New Zealand

🇳🇿PA-NZ

Privacy Act 2020

Key Points to Watch:

13 Information Privacy Principles (IPPs) governing the lifecycle of personal info. Includes mandatory reporting of privacy breaches causing serious harm, cross-border disclosure limits (IPP 12), compliance notices issued by the Commissioner, and class action options.

Last Checked: 10 June 2026
United Kingdom

🇬🇧UK-GDPR

UK Data Protection Act 2018

Key Points to Watch:

Parallel to EU GDPR post-Brexit. Emphasizes individual rights, data controller accountability, mandatory DPO for public bodies, strict conditions for processing criminal offense data, child consent age set at 13 (different from EU default), and oversight by the Information Commissioner's Office (ICO).

Last Checked: 10 June 2026
Russia

🇷🇺152-FZ

Federal Law on Personal Data No. 152-FZ

Key Points to Watch:

Strict data localization mandate: databases storing personal data of Russian citizens must be physically located within the Russian Federation. Requires explicit written consent in many cases and formal registration with Roskomnadzor as a data operator.

Last Checked: 10 June 2026
Singapore

🇸🇬PDPA-SG

Personal Data Protection Act

Key Points to Watch:

11 obligations: Consent, Purpose Limitation, Notification, Access/Correction, Accuracy, Protection, Retention Limitation, Transfer Limitation, Data Breach Notification (within 3 calendar days for severe breaches), Data Portability, and Accountability.

Last Checked: 10 June 2026
South Africa

🇿🇦POPIA

Protection of Personal Information Act

Key Points to Watch:

8 conditions for lawful processing: Accountability, Processing Limitation, Purpose Specification, Further Processing Limitation, Information Quality, Openness, Security Safeguards, and Data Subject Participation. Requires registration of Information Officers.

Last Checked: 10 June 2026
Switzerland

🇨🇭nDSG

Neues Datenschutzgesetz

Key Points to Watch:

Aligns Swiss law with GDPR. Introduces 'privacy by design and by default', mandatory DPIAs for high-risk processing, duty to notify security breaches to FDPIC, and strict criminal penalties (fines up to CHF 250,000) targetable directly at responsible individuals.

Last Checked: 10 June 2026
Thailand

🇹🇭PDPA-TH

Personal Data Protection Act

Key Points to Watch:

Based closely on GDPR. Requires legal bases for processing, explicit consent, DPO appointment under certain conditions, record-keeping of processing activities, strict controls over international transfers, and civil/criminal liability for data controllers.

Last Checked: 10 June 2026
Turkey

🇹🇷KVKK

Kişisel Verilerin Korunması Kanunu

Key Points to Watch:

Requires explicit consent unless specific exceptions apply. Strict rules for transferring data abroad (requires safe country list or board approval), mandatory registration in the Data Controllers Registry (VERBİS), and hefty administrative fines for violation of security obligations.

Last Checked: 10 June 2026
USA

🇺🇸CCPA

California Consumer Privacy Act

Key Points to Watch:

Right to know what personal info is collected, right to delete, right to opt-out of the sale or sharing of personal info (via explicit 'Do Not Sell or Share My Personal Info' link), non-discrimination for exercising rights, and higher standards of protection for minors (opt-in required for sharing info of users under 16).

Last Checked: 10 June 2026
European Union

🇪🇺GDPR

General Data Protection Regulation

Key Points to Watch:

Focus on explicit consent, right of access, right to rectification, right to erasure (the right to be forgotten), data portability, data minimization, purpose limitation, mandatory data breach notification within 72 hours, data protection impact assessments (DPIA), and restrictions on international transfers outside the EEA without adequacy decisions.

Last Checked: 10 June 2026