Are you in compliance with the recent changes in privacy law? Over the past year, there have been game-changing developments in privacy and data security laws around the world. In May 2018, the General Data Protection Regulation (GDPR) went into effect in the European Union (EU), ushering in a new, sweeping privacy law framework that affects not only businesses located in the EU, but also companies that offer goods and services to EU residents or monitor their behavior. Then, in June, the California Consumer Privacy Act was passed—a landmark law that, like the GDPR, will impose far-reaching requirements on businesses to protect consumers’ personal information. Other notable developments include Vermont passing a data broker law in May, Chicago introducing a data protection ordinance in June, Japan and the EU agreeing on a reciprocal finding of adequacy in July, and China enacting its Cybersecurity Law last year. This is a fast-evolving field, and more changes are certain to come.

These recent global developments have underscored the need for businesses in digital marketing and consumer-facing industries to develop a topline privacy compliance strategy. To do so, you must first determine the applicable jurisdictions and then develop privacy and data security practices that comply with the jurisdictional requirements. Topline compliance is unique to your business. A comprehensive review of your business practices in collecting, using and sharing personal data, as measured against the applicable regulations, is critical in avoiding legal pitfalls and enforcement actions.