↓ Skip to main content

Data Protection

Laws, policies and practices for protecting personal and sensitive data

19 items 15 Laws

Software Database

Software Database

Every foreign SaaS tool is a potential backdoor for extraterritorial data access. This database helps organizations identify European and open-source alternatives to reduce dependency on US Cloud Act-subject vendors and maintain data sovereignty.

Norwegian Digital Sovereignty Index (NDSI)

Norwegian Digital Sovereignty Index (NDSI)

What gets measured gets managed. NDSI provides a structured framework to assess your organization's sovereignty posture, identify vulnerabilities to foreign control, and track improvement over time - aligned with EU standards and Norwegian regulations.

Norwegian Digital Sovereignty Survey

Find out how dependent your organization is on foreign cloud providers

Software Risk Check

Check the sovereignty risk of your software tools

APPI

Act on the Protection of Personal Information (2003)

Japan's data protection law, substantially revised in 2020 and 2022 to strengthen protections and align with international standards.

BDSG

Bundesdatenschutzgesetz (Federal Data Protection Act) (2018)

German federal law supplementing GDPR with national provisions for employment data, public sector processing, and video surveillance.

DPDP Act

Digital Personal Data Protection Act 2023 (2023)

India's first comprehensive data protection law providing individual rights while maintaining broad government exemptions.

EEA Agreement

Agreement on the European Economic Area (1994)

Treaty extending EU internal market rules, including data protection regulations, to Norway, Iceland, and Liechtenstein.

ePrivacy Directive

Directive on privacy and electronic communications (2002)

EU directive protecting privacy in electronic communications, covering cookies, spam, and confidentiality of communications.

EU-US DPF

EU-US Data Privacy Framework (2023)

2023 adequacy decision enabling personal data transfers from EU to certified US companies, successor to invalidated Privacy Shield.

FADP

Federal Act on Data Protection (revised) (2023)

Swiss data protection law substantially revised in 2023 to align with GDPR while preserving Swiss legal traditions.

GDPR

General Data Protection Regulation (2018)

EU regulation giving individuals control over their personal data with comprehensive rights and strong enforcement.

LED

Law Enforcement Directive (2016)

EU directive setting data protection rules for police and criminal justice authorities.

Personopplysningsloven

Lov om behandling av personopplysninger (Personal Data Act) (2018)

Norwegian national law implementing GDPR through the EEA Agreement, with supplementary provisions specific to Norway.

PIPA

Personal Information Protection Act (2011)

South Korea's comprehensive data protection law with strong enforcement, individual rights, and strict cross-border transfer requirements.

PIPEDA

Personal Information Protection and Electronic Documents Act (2000)

Canada's federal privacy law for commercial activities, establishing fair information principles for private sector data handling.

PIPL

Personal Information Protection Law (2021)

China's comprehensive personal data protection law providing GDPR-like rights while operating alongside state access requirements.

Privacy Act 2020

Privacy Act 2020 (2020)

New Zealand's modernized privacy law strengthening individual rights, requiring breach notification, and enhancing enforcement powers.

UK GDPR

UK General Data Protection Regulation (2021)

Post-Brexit retained version of EU GDPR forming the core of UK data protection law alongside the Data Protection Act 2018.