Decade of data privacy: What CCPA and GDPR mean for your business

As you fired up your computer after the holidays, you probably discovered your in-box was filled with e-mails about updated privacy policies. You may remember receiving a similar wave of e-mails in May 2018. While it might seem that companies made a collective New Year's resolution to update their privacy policies, all of those e-mails can be connected to two important data privacy regulations that will shape the global economy over the next decade.

In 2018, the culprit behind the wave of updated privacy policy e-mails was the European Union's (EU) General Data Protection Regulation (GDPR). In 2020, it's the California Consumer Privacy Act (CCPA), which creates new rights for consumers and new penalties for businesses that fail to comply with its provisions. Despite the appearance of limited geographic scope, both the GDPR and the CCPA have far-reaching influence that may bring your business within their grasp. As we embark on a new decade, employers should be sure to make data privacy compliance a top priority.

GDPR: precursor to the CCPA

The GDPR took effect in May 2018, prompting many businesses to update their privacy policies. That led to a wave of e-mails notifying customers of the policy changes and asking customers to consent to continued marketing communications.

The GDPR regulates the processing of personal data by creating new data privacy rights for all EU residents and a severe penalty framework for violations. Any organization that collects or processes personal data (e.g., names, e-mail addresses, physical addresses, phone numbers) from EU residents must comply with the GDPR.