In recent weeks, consumers have seen their inboxes fi ll up with notifications from companies letting them know they have all updated their privacy policies.
It’s no coincidence. Last Friday the European Union’s new data privacy regulations went into effect, prompting even US companies to retool how they handle consumer and employee data and online consent, or else they will face massive penalties.
The EU adopted the General Data Protection Regulation, or GDPR, in 2016 to bolster the rights that its residents have regarding how their personal data is collected and processed. Among other things, the GDPR gives EU residents the “right to be forgotten,” or demand that an organization erase their personal data. It also lays a host of responsibilities on organizations anywhere in the world that handle EU-based data. These range from conducting impact assessments that gauge their organization’s data security risks to the need to notify authorities of a data breach within 72 hours.
As it turns out, new privacy policies are just a fraction of the monster-sized compliance efforts many US companies — and their legal counsel — have been working on in recent months.