Share
The global data protection landscape continues to evolve at a rapid pace. While the GDPR set the gold standard for data protection regulations, 2024 has seen other jurisdictions increasingly adopt similar measures, tailored to their unique political and economic contexts. Notably, the U.S. has imposed restrictions on bulk data exports to certain countries, signalling a trend toward data localisation and stricter cross-border data flow management.
For organisations, this tightening regulatory network underscores the importance of conducting thorough Transfer Impact Assessments and implement Supplementary Measures when required for any data flows involving third countries, whether under the Standard Contractual Clauses (SCCs) or similar frameworks elsewhere. Recently, the Dutch Data Protection Authority's €290 million fine against Uber for transferring European drivers' personal data to U.S. servers without adequate safeguards highlights that even global tech giants cannot afford to overlook their compliance obligations. Meanwhile, China's Cyberspace Administration issued in March 2024, the "Provisions on Promoting and Regulating Cross-Border Data Flows", clarifying security assessment requirements and exempting certain data transfers from prior approvals, thereby easing compliance burdens for businesses to some extent.
Related item: Looking ahead: A new year and a new UK Data Protection law?
This article was co-authored by Joshua Curzon, Trainee Solicitor.