12. Data compliance is becoming similar to tax and labor compliance
Data types: Profile, Health, Transactions, Payment
United States: Multiple state laws, HIPAA, GLBA, FNRA, NYS DFS500, PCI-DSS
European Union: GDPR, GDPR, Basel II, PCI-DSS
Russia: No. 242-FZ, No. 152-FZ, No. 242-FZ, No. 152-FZ
China: PRC Cybersecurity Law, PRC Cybersecurity Law, PRC Cybersecurity Law
India: PDP 2018, IT Act 2000/08, PSS Act 2007
Times 190 countries!
13. Every business will be just like McDonald’s
• Uniform branding
• Some consistency
• Aspects tailored to each local market
• Have to follow a variety of regulations in each market
14. It’s not as simple as you would think
Eye color: Profile data?
Costa Rica: Health data!
15. It’s even more complex across borders
Chinese national
Lufthansa plane ticket
Multiple regulations
Different countries
Profile in China, transaction in Germany
16. Be careful about what kind of data you store
OK
• Profile data
• Transaction data
• Payment data
• Health data
Not OK
• Social media posts
• Text messages
• Instant messages
• Personal photographs
17. Building compliant infrastructure across countries is expensive and time consuming
Step | Team
Research data compliance | Legal
Create compliance regimen | Compliance
Select hosting provider | Hosting operations
Contract hosting provider | Hosting operations
Select secondary hosting provider | Hosting operations
Contract secondary hosting provider | Hosting operations
Implement API layer | Engineering
Implement data layer | Database administrators
Implement data backup | Database administrators
Implement efficient WAN access | Network operations
Ensure security | Information security
Educate application developers on API | Technical writing / education
Appropriate cyberinsurance | Risk
Ongoing maintenance | Technical operations
Audits | Compliance, Technical operations
18. Use global to local vendors to offset compliance
Vendor | Feature
TaxJar | Local tax calculator
Passport Shipping | Handoff for customs/country postal services
Coinbase | Crypto exchange that runs in multiple countries
Trulioo | Global “know your customer” checks local IDs
Bitwage | International wage payments using crypto
Hummingbird | Anti money laundering AI
Integris | Data privacy automation
Okta | User authentication