New privacy laws on the world stage are impacting businesses that have any online presence and capture personally-identifiable data.
GDPR
The EU’s General Data Protection Regulation (GDPR) has already had a significant effect on companies doing business in the EU or doing business with EU residents. It’s affected most U.S. based companies that have any reason to handle personally-identifiable data from EU citizens.
In effect for a year now, regulators have started handing out significant fines for non-compliance. Notable fines against U.S. companies include a proposed $57 million fine against Google and a $123 million proposed penalty for Marriott.
CCPA
California’s CCPA (California Consumer Privacy Act) is one of the strictest laws in the U.S. and goes into effect in January 2020. Businesses will be required to allow California residents to access or delete personal data from records. In addition, businesses must allow residents to opt-out of being included in data-sharing arrangements or selling of their data.
The Future
Other privacy laws have been passed in Maine and Nevada. 16 other states have laws currently being debated.