Privacy regulations are expanding beyond the European Union’s General Data Protection Regulation (GDPR), to include California’s Consumer Privacy Act (CCPA) and regulations in other states and countries as well. The landscape is changing fast, and it can seem like the only certainty is uncertainty, but nearly a year after the GDPR went into effect, there are insights and best practices that can be applied to the CCPA and beyond.
If the GDPR does not apply to your company, you can still benefit from implementing a solution for transparency, notice and consent around consumer data handling. A best practices privacy rights management system provides other advantages. For one, it gives you an opportunity to build a competitive advantage as an organization that deserves consumer trust. As another, it puts you a step ahead if (more likely, when) regulations are enacted that do apply to you.
The General Data Protection Regulation (GDPR) is one of the most robust individual privacy rights frameworks enacted to date. The regulation went into effect on May 25, 2018 and covers any organization that deals with the personal data of a European citizen. It not only defines privacy and how to evaluate whether an organization is properly protecting it, but also sets out consequences with substantial financial penalties for non-compliance.
Evolving regulations in privacy and data security are pressuring companies to accommodate user demands for control over their personal information. The General Data Protection Regulation (GDPR) represents the largest change to European Union (EU) data protection laws in decades, and requires companies that do business in the region to provide increased protections for EU users.
When it comes to privacy regulation enforcement it can be tricky to understand who is leading the charge. Each regulation handles things individually. Let's take a look at those who govern two key regulations: the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act).