The global data protection landscape is growing increasingly complex. With the proliferation of privacy laws across jurisdictions, organisations face a daunting challenge in ensuring compliance.
From the foundational GDPR, the evolving US state-level regulations, to new regulations in emerging markets, businesses with cross-border presence must navigate a maze of requirements to protect consumer data. This complexity, coupled with the rapid pace of regulatory change, requires proactive and strategic approaches to data management and protection.
GDPR: The Catalyst for Global Data Privacy
At the forefront of this global push for data privacy stands the General Data Protection Regulation (GDPR) – a landmark legislation that has reshaped data governance both within the EU and beyond. It has become a de facto standard for data management, influencing the creation of similar laws in countries like India, China, and regions such as Southeast Asia and the US.
However, the GDPR is evolving to tackle new challenges and incorporate lessons from past data breaches. Amendments aim to enhance enforcement, especially in cross-border cases, expedite complaint handling, and strengthen breach penalties. Amendments to the GDPR in 2024 focus on improving enforcement efficiency. The One-Stop-Shop mechanism will be strengthened for better handling of cross-border data processing, with clearer guidelines for lead supervisory authority and faster information sharing. Deadlines for cross-border decisions will be shortened, and Data Protection Authorities (DPAs) must cooperate more closely. Rules for data transfers to third countries will be clarified, and DPAs will have stronger enforcement powers, including higher fines for non-compliance.
For organisations, these changes mean increased scrutiny and potential penalties due to faster investigations. Improved DPA cooperation can lead to more consistent enforcement across the EU, making it crucial to stay updated and adjust data protection practices. While aiming for more efficient GDPR enforcement, these changes may also increase compliance costs.
GDPR’s Global Impact: Shaping Data Privacy Laws Worldwide
Despite being drafted by the EU, the GDPR has global implications, influencing data privacy laws worldwide, including in Canada and the US.
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) governs how the private sector handles personal data, emphasising data minimisation and imposing fines of up to USD 75,000 for non-compliance.
The US data protection landscape is a patchwork of state laws influenced by the GDPR and PIPEDA. The California Privacy Rights Act (CPRA) and other state laws like Virginia’s CDPA and Colorado’s CPA reflect GDPR principles, requiring transparency and limiting data use. Proposed federal legislation, such as the American Data Privacy and Protection Act (ADPPA), aims to establish a national standard similar to PIPEDA.
The GDPR’s impact extends beyond EU borders, significantly influencing data protection laws in non-EU European countries. Countries like Switzerland, Norway, and Iceland have closely aligned their regulations with GDPR to maintain data flows with the EU. Switzerland, for instance, revised its Federal Data Protection Act to ensure compatibility with GDPR standards. The UK, post-Brexit, retained a modified version of GDPR in its domestic law through the UK GDPR and Data Protection Act 2018. Even countries like Serbia and North Macedonia, aspiring for EU membership, have modeled their data protection laws on GDPR principles.
Data Privacy: A Local Flavour in Emerging Markets
Emerging markets are recognising the critical need for robust data protection frameworks. These countries are not just following in the footsteps of established regulations but are creating laws that address their unique economic and cultural contexts while aligning with global standards.
Brazil has over 140 million internet users – the 4th largest in the world. Any data collection or processing within the country is protected by the Lei Geral de Proteção de Dados (or LGPD), even from data processors located outside of Brazil. The LGPD also mandates organisations to appoint a Data Protection Officer (DPO) and establishes the National Data Protection Authority (ANPD) to oversee compliance and enforcement.
Saudi Arabia’s Personal Data Protection Law (PDPL) requires explicit consent for data collection and use, aligning with global norms. However, it is tailored to support Saudi Arabia’s digital transformation goals. The PDPL is overseen by the Saudi Data and Artificial Intelligence Authority (SDAIA), linking data protection with the country’s broader AI and digital innovation initiatives.
Closer Home: Changes in Asia Pacific Regulations
The Asia Pacific region is experiencing a surge in data privacy regulations as countries strive to protect consumer rights and align with global standards.
Japan. Japan’s Act on the Protection of Personal Information (APPI) is set for a major overhaul in 2025. Certified organisations will have more time to report data breaches, while personal data might be used for AI training without consent. Enhanced data rights are also being considered, giving individuals greater control over biometric and children’s data. The government is still contemplating the introduction of administrative fines and collective action rights, though businesses have expressed concerns about potential negative impacts.
South Korea. South Korea has strengthened its data protection laws with significant amendments to the Personal Information Protection Act (PIPA), aiming to provide stronger safeguards for individual personal data. Key changes include stricter consent requirements, mandatory breach notifications within 72 hours, expanded data subject rights, refined data processing guidelines, and robust safeguards for emerging technologies like AI and IoT. There are also increased penalties for non-compliance.
China. China’s Personal Information Protection Law (PIPL) imposes stringent data privacy controls, emphasising user consent, data minimisation, and restricted cross-border data transfers. Severe penalties underscore the nation’s determination to safeguard personal information.
Southeast Asia. Southeast Asian countries are actively enhancing their data privacy landscapes. Singapore’s PDPA mandates breach notifications and increased fines. Malaysia is overhauling its data protection law, while Thailand’s PDPA has also recently come into effect.
Spotlight: India’s DPDP Act
The Digital Personal Data Protection Act, 2023 (DPDP Act), officially notified about a year ago, is anticipated to come into effect soon. This principles-based legislation shares similarities with the GDPR and applies to personal data that identifies individuals, whether collected digitally or digitised later. It excludes data used for personal or domestic purposes, aggregated research data, and publicly available information. The Act adopts GDPR-like territorial rules but does not extend to entities outside India that monitor behaviour within the country.
Consent under the DPDP Act must be free, informed, and specific, with companies required to provide a clear and itemised notice. Unlike the GDPR, the Act permits processing without consent for certain legitimate uses, such as legal obligations or emergencies. It also categorises data fiduciaries based on the volume and sensitivity of the data they handle, imposing additional obligations on significant data fiduciaries while offering exemptions for smaller entities. The Act simplifies cross-border data transfers compared to the GDPR, allowing transfers to all countries unless restricted by the Indian Government. It also provides broad exemptions to the State for data processing under specific conditions. Penalties for breaches are turnover agnostic, with considerations for breach severity and mitigating actions. The full impact of the DPDP Act will be clearer once the rules are finalised and the Board becomes operational, but 97% of Indian organisations acknowledge that it will affect them.
Conclusion
Data breaches pose significant risks to organisations, requiring a strong data protection strategy that combines technology and best practices. Key technological safeguards include encryption, identity access management (IAM), firewalls, data loss prevention (DLP) tools, tokenisation, and endpoint protection platforms (EPP). Along with technology, organisations should adopt best practices such as inventorying and classifying data, minimising data collection, maintaining transparency with customers, providing choices, and developing comprehensive privacy policies. Training employees and designing privacy-focused processes are also essential. By integrating robust technology with informed human practices, organisations can enhance their overall data protection strategy.
Despite an increase in energy efficiency investment, the construction sector’s energy consumption and CO₂ emissions have rebounded to an all-time high. Buildings currently contribute 39% of global energy-related carbon emissions – 28% from operational needs like heating and cooling, and 11% from construction materials.
In the next three decades, with the global population expected to reach 9.7 billion, the construction industry will face the pressure to meet growing infrastructure and housing demands while adapting to stricter environmental regulations.
The urgency of climate action demands that governments mandate low-carbon practices in urban development.
Increase Use of Low-Carbon Materials
Traditional building materials like concrete, steel, and brick are strong and durable but environmentally costly. This high embodied carbon footprint is prompting a shift towards low-carbon alternatives. Indonesia is using ‘green cement’ – made using environmentally friendly materials – in the development of its new futuristic capital Nusantara. This has led to an estimated reduction in carbon emissions of up to 38% per tonne of cement so far.
Nordic countries are setting ambitious targets for low-carbon materials. Starting in 2025, Finland will require life cycle assessments and material declarations in construction to reduce emissions, detailing building components and material origins. Denmark is also prioritising low-carbon materials through energy-efficient designs, sustainable materials, and stringent building codes.
Mandate Whole-Life Carbon Emission Assessments
Whole Life-Cycle Carbon (WLC) emissions encompass all the carbon a building generates throughout its lifespan, from material extraction to demolition and disposal. Assessing WLC gives a comprehensive understanding of a building’s total environmental impact.
The London Plan is a roadmap for future development and achieving the goal of a zero-carbon city. The plan includes provisions for WLC analysis, specific energy hierarchies, and strategies to reduce London’s carbon footprint.
With a bold vision of a fully circular city by 2050, the Amsterdam Circular Strategy 2020-2025 lays out a comprehensive roadmap to achieve this goal. Key elements include mapping material flows to reduce reliance on virgin resources and mandating WLC assessments.
Enforce Clean Construction Standards
From green building codes to tax incentives, governments around the world are implementing innovative strategies to encourage sustainable building practices.
The Philippines’ National Building Code requires green building standards and energy efficiency measures for new buildings.
Seattle offers expedited permits for projects meeting embodied carbon standards, speeding up eco-friendly construction, and reinforcing the city’s environmental goals.
New Jersey offers businesses a tax credit of up to 5% for using low-carbon concrete and an additional 3% for concrete made with carbon capture technology.
Promote Large-Scale Adaptive Reuse
Large-scale adaptive reuse includes reducing carbon emissions by making existing buildings and infrastructure a larger part of the climate solution.
London’s Battersea Power Station restored its iconic chimneys and Art Deco façade, transforming it into a vibrant hub with residential, commercial, and leisure spaces.
The High Line in New York has been transformed into a public park with innovative landscaping, smart irrigation, and interactive art installations, enhancing visitor experience and sustainability.
Singapore using adaptive reuse to rejuvenate urban and industrial spaces sustainably. The Jurong Town Corporation is repurposing a terrace factory for sustainable redevelopment and preserving industrial heritage. In Queenstown, historical buildings in Tanglin Halt are being reused to maintain historical significance and add senior-friendly amenities.
Establish Circular Economy
As cities worldwide start exploring ways to go circular, some are already looking into different ways to leverage innovative practices to implement circular initiatives.
Toronto is embedding circular criteria into procurement by requiring circular economy profiles, vendor action plans, and encouraging circular design for parklets. The city also recommends actions for transitioning to a circular economy and is developing e-learning on circular procurement for staff.
Japan uses Building Information Modeling to optimise resource consumption and reduce waste during construction, with a focus on using recycled materials to promote sustainability in building projects.
Adopt Electric Vehicles
The share of EVs increased from 4% in 2020 to 18% in 2023 and is expected to grow in 2024. This trend reflects a global shift toward cleaner transportation, driven by technological advancements and rising environmental awareness.
The Delhi EV Policy aims to expand charging infrastructure and incentives, targeting 18,000 charging points by 2024, with 25% EV registrations and one charging outlet per 15 EVs citywide.
Singapore is adopting EVs to reduce land transport emissions as part of its net-zero goal, aiming to cut emissions by 1.5 to 2 million tonnes. The EV Roadmap targets cost parity with internal combustion engine (ICE) vehicles and 60,000 charging points by 2030.
Australia has set new rules to limit vehicle pollution, encouraging car makers to sell more electric vehicles and reduce transportation pollution.
Promote Circular Economy Marketplaces
Circular marketplaces play an important role in the new economy, changing the way we use, manufacture, and purpose materials and products.
The UK’s Material Reuse Portal aggregates surplus construction materials post-deconstruction, offering guidance and connections to service providers. It integrates with various data sources, can be customised for different locations, and provides free access to sustainable materials. Future plans include expanding marketplace partnerships to enhance material reuse.
Build Reuse is a US-based online marketplace specialising in salvaged and surplus building materials. It connects buyers and sellers for reclaimed items like wood, bricks, fixtures, and architectural elements, promoting resource efficiency and reducing construction waste.
Technology has been reshaping the Real Estate industry landscape. Advancements in manufacturing technologies, digital tools, AI & analytics, and IoT – coupled with customer and employee expectations – are revolutionising how properties are built, bought, sold, managed, and experienced.
The evolution of RealTech and PropTech has a far-reaching impact on the industry, streamlining processes, improving customer experiences, and driving innovation across the entire sector.
Read on to find out how technology impacts the entire value chain; the key drivers of Real Estate evolution; the strong influence of “smart consumers”; and what Ecosystm VP Industry Insights Sash Mukherjee thinks where the industry is headed.
Download ‘The Future of Real Estate’ as a PDF
