Summary  
This chapter explains how to design systems that manage user data in compliance with global privacy regulations by implementing features for data access, correction, deletion, consent, and portability.

General domain of usage  
Web applications handling personal data.

**Privacy Regulation** is a set of laws designed to protect people's personal information and control how companies collect, store, and use it.

Definition

### Major Global Privacy Laws
#### 1\. GDPR — General Data Protection Regulation (EU) 
Violations can cost up to **4% of global annual revenue** - sometimes billions.

Key rights it gives people:
- Know what data companies collect;
- Understand why the data is used;
- Request corrections;
- Request deletion ("right to be forgotten");
- Take their data somewhere else (data portability).

#### 2. CCPA — California Consumer Privacy Act (USA)
What it gives Californians:
- The right to know what data companies collect;
- The right to opt out of data selling;
- The right to request deletion;
- The right to know who companies share data with.

It's slightly less strict than GDPR but set a huge precedent in the US.
#### 3. LGPD — Lei Geral de Proteção de Dados (Brazil)
Key Features:
- Requires clear data consent;
- Regulates data processing;
- Protects both digital and physical data;
- Holds companies legally accountable.

Brazil is a massive global market — so companies worldwide must adjust to LGPD to operate there.

#### 4. HIPAA — Health Insurance Portability and Accountability Act (USA)

Covers:
- Hospitals;
- Clinics;
- Insurance companies;
- Apps that store medical information.

Protects health and medical data. A medical data leak could cause discrimination, emotional harm, or long-term privacy damage.

Privacy shouldn't depend on which country someone lives in.
Good companies take the highest standard (often GDPR) and apply it everywhere — not just where they are legally required.

Note

What is the main goal of privacy regulations like GDPR and CCPA?

A practical guide to operating responsibly in digital advertising and marketing — covering the regulations that govern data collection, the systems that protect consumer privacy, the risks that come with programmatic media, and the organisational structures that keep brands compliant and credible. Built for professionals who need more than theory: every section moves from concept to application, ending with the tools, frameworks, and decision-making skills to handle real compliance challenges in the field.

The rules, frameworks, and core concepts that define how organisations handle personal data — from global regulations to the practical policies governing digital advertising.

How data moves through an organisation, how it must be protected, and what individuals are entitled to expect from the businesses that hold their information.

The risks that come with operating in digital media, how to control where a brand appears, and how to respond when something goes wrong.

Putting it all together — auditing what exists, building the culture and systems to sustain it, and staying ahead of what comes next.

Global Privacy Regulation

Major Global Privacy Laws

1. GDPR — General Data Protection Regulation (EU)

2. CCPA — California Consumer Privacy Act (USA)

3. LGPD — Lei Geral de Proteção de Dados (Brazil)

4. HIPAA — Health Insurance Portability and Accountability Act (USA)