Data protection is going global, with stronger laws and enforcement strategies in Latin America, Africa and Asia-Pacific. And for compliance, one size doesn't fit all.

Last May, in-house eyes were on the European Union, as companies prepared for the General Data Protection Regulation. The EU's sweeping data privacy law enhanced residents' rights over their personal data, implementing new policies on the right to be forgotten, explicit, informed consent and processor accountability, with fines up to 20 million euros, or 4 percent of global turnover.

The rule's hefty price tag and strong enforcement has, in part, kept in-house focus on Europe. But ignoring data privacy changes outside of Europe, or assuming GDPR policies will comply anywhere, may lead to fines or diminished consumer trust in other regions, lawyers said. Camila Tobón, a Colorado-based data privacy lawyer at Shook, Hardy & Bacon, said many countries in the Latin America follow a consent-based model, which doesn't allow for the legitimate interest data collection case presented under GDPR. She said many Latin American countries with data privacy laws used Spain's consent-based version of the 1995 Data Protection Directive to shape their regulations.