For reasons of cost and convenience, internationally operating companies in particular tend to adopt guidelines for their locations uniformly throughout the world. Especially with regard to data protection however, there are local differences that are difficult to implement in all regions. An example of this is the European Data Protection Regulation (GDPR), which is mostly supplemented by regional laws. A reasonable strategy should therefore define the principles of the company and at the same time respond to local differences at the respective locations.
How this can effectively succeed is explained by TaylorWessing in this blog post: