Data Protection Guide

Versión en Español

In this section, you can access the different parts of our guide for policy engagement on data protection "The Keys to Data Protection". The guide is intended to help organisations and individuals improve their understanding of data protection, by providing a framework to analyse the various provisions which are commonly presented in a data protection law.  

The guide was developed from Privacy International’s experience and expertise on international principles and standards applicable to the protection of privacy and personal data, and our leadership and research on modern technologies and data processing. 

Part 1 introduces data protection: what it is, how it works and why it is essential for the exercise of the right to privacy.  

While data protection laws vary from country to country, there are some commonalities and minimum requirements, underpinned by data protection principles and standards which tend to be reflected in the structure and content of relevant legislation. Each part of the report presents these, including: 

  • General provisions, definitions and scope (Part 2);
  • Data protection principles (Part 3);
  • The rights of data subjects (Part 4);
  • The grounds for processing personal data (Part 5);
  • The obligations of controllers and processors (Part 6); and
  • Oversight and enforcement structures (Part 7).

Part 8 provides some additional resources on data protection, and outlines opportunities for organisations to engage on data protection. 

Much of our engagement on data protection for the last decade has been undertaken through our work with our partners in the Privacy International Network. We would like to take the opportunity to acknowledge their incredible efforts to promote and advocate for the adoption of data protection laws across the world. 

Please reach out to us via social media or email if you have any feedback on the guide:
@privacyint
[email protected]

 

Related learning resources

A Guide for Policy Engagement Video

 

Report

This guide was designed for our partners across the world who want to see strong data protection laws in their countries. We identify some key points that they can use in their advocacy.

This version of the guide is the full guide that you can download as a single resource.

Report
This part of “The Keys to Data Protection” explains what data protection is, why it is needed, and how to works. It also outlines why it is essential for the exercise of the right to privacy. This part also provides a brief outline of data protection in practice.
Report
This part of “The Keys to Data Protection” presents what should be provided for in the general provisions of a data protection law including the object and purpose of the law and definitions.
Report
This part of “The Keys to Data Protection” presents and explains seven key data protection principles, derived from regional and international frameworks, covering elements such as minimisation, storage limitation, and accountability.
Report
This part of “The Keys to Data Protection” presents eight key rights for individuals (also known as ‘data subjects’) that should be followed and enforced by those who process personal data, including the right to access, the right to object, and the right to an effective remedy.
Report
This part of “The Keys to Data Protection” outlines and explains the legal basis permitted for the processing of personal data, which should be limited and clearly articulated in law.
Report
This part of “The Keys to Data Protection” presents the responsibilities, obligations, and liability of those who process personal data, to ensure data controllers and processors are held accountable under the law.
Report
This part of “The Keys to Data Protection” outlines the models and structures as well as powers and functions of an independent supervisory authority, which plays an essential role as an independent oversight and enforcement mechanism of data protection law.
Report
This part of “The Keys to Data Protection” provides links to further resources and outlines avenues for engagement which we hope will encourage more civil society organisations to engage in policy developments and legal processes on data protection.