We live in a digitized era. Our professional and personal lives go by the dictum that data should drive our actions and reactions. In the course of doing business, companies receive and handle a significant volume of data, and in many instances, this data will include critical—and sensitive—personal data about individuals, be they customers or even employees. Data is increasingly seen as essential to be competitive and is, in its own way, a currency. However, being a data handler also comes with responsibilities and significant risk. In the Philippines, an archipelago composed of 7,107 islands and a population of over 100 million, legislators realized that legislation needed to catch up with this new digital reality.

The smooth transfer of personal data between the European Union and the UK is of critical importance for many British and Continental businesses and may be jeopardized by the Brexit process. The 1995 EU Directive on Privacy establishes EU citizens’ right to privacy, including the protection of their personal data and the “right to be forgotten” from search engines. Countries that conform to these rules receive “adequacy agreements” that

The European Union’s General Data Protection Regulation (GDPR), which will come into force on May 25, 2018, is European in scope but with global implications. In an effort to protect personal data against unauthorized access and tampering, it strengthens the rights of individuals (such as the right of access, right of rectification, and right to be forgotten) and sets up new obligations for businesses (such as setting up a register of personal data processing, responding to requests from individuals, and data security and confidentiality measures).

A rogue employee attempting to make a profit on the Dark Web in 2017 breached the data systems of Bupa, a U.K.-based international health insurer. The employee, who goes under the codename “MoZeal” and who offered the database for sale on Alpha Bay, one of many sites on the Dark Web, has exposed data for 108,000 policies and claims to have information for as many as one million customers.