Globalization and technology development have enabled the significant expansion of international business opportunities; however, some national governments are attempting to exert control over the increasingly porous technological barriers between countries.

The European Union General Data Protection Regulation (“GDPR”), which takes effect on May 25, 2018, will require all companies in the EU involved in the processing of personal data to comply with an expanded scope of data privacy protection. A number of other countries, including China, Russia, India, and Brazil, have also introduced similar regulations. Though perhaps lesser-known than GDPR, these regulations nonetheless require significant compliance.

China, Russia, India, and Brazil, among others, are increasing restrictions on government procurement of software and hardware from foreign companies and enacting data localization laws intended to keep citizens’ personal data in-country and subject to local regulation. These laws pose a growing threat to the information technology sector and beyond, with the potential to cause companies to withdraw operations from key markets, threaten the free flow of information across borders, compromise the maintenance of global supply chains, and open companies up to fines and worse.