Focus 1
Outbound trigger
Look beyond incorporation when you target users, sell locally, collect local personal information, run campaigns, or host regulated sector workflows outside Europe.
Open related pageFramework hub
Global privacy
Non-EU privacy, personal information, electronic marketing, cross-border transfer, and child-data rules for EU-incorporated software teams serving global users.
Focus 2
Data rights
Access, correction, deletion, portability, opt-out, consent, and breach notification duties vary by country and often require operational request handling.
Focus 3
Marketing and cookies
Email, SMS, push messages, tracking, children, and advertising can trigger separate laws even before a user becomes a paying customer.
Focus 4
Transfers and processors
Cross-border transfer notices, onward transfer contracts, processor terms, localization questions, and security measures are the main early design checks.
Country framework map
CA
CASL
Commercial electronic messages, unsubscribe flows, or software installation touching Canada.
Canada CASLBR
LGPD
Offering goods or services in Brazil, processing data in Brazil, or using data collected in Brazil.
ANPDAU
Privacy Act
Carrying on business in Australia or handling Australian personal information.
OAIC Privacy ActJP
APPI
Handling personal information of people in Japan or cross-border transfers involving Japan.
PPC JapanKR
PIPA
Personal information processing tied to Korean users, local services, AI privacy, or Korean business operations.
PIPC KoreaNZ
Privacy Act 2020
New Zealand users, privacy breach handling, access/correction requests, or overseas disclosure.
NZ Privacy ActZA
POPIA
South African personal information, direct marketing, operator relationships, or local customer operations.
Information RegulatorMX
LFPDPPP
Mexican personal data, privacy notices, ARCO rights requests, consent, sensitive data, or transfers.
INAI Mexico