In this episode of the podcast In Process: Conversations About Businesses in the 21st Century, Trusted Counsel’s Evelyn Ashley and John Monahon speak to Michael Jones, Attorney at Trusted Counsel, whose practice specializes in privacy, compliance and technology licensing. Michael discusses the latest developments regarding the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and data privacy in the United States. This blog post and podcast continue the discussion from two earlier blog posts: The EU General Data Protection Regulation and The California Consumer Privacy Act.
As you probably already know, the GDPR entered into effect on May 25, 2018. By now you’ve most likely been bombarded with emails from various vendors stating their privacy policies are updated. What you might not know is that the driving force behind this flurry of email activity is the GDPR. A key requirement of the GDPR is that customers and other users must be notified of certain changes to privacy policies. The goal of the GDPR is to allow individuals to have greater control over how their personal information is processed by organizations. And although the GDPR is a European Union regulation, many U.S. businesses are discovering that they may have certain obligations under the law. If you are a U.S. business providing goods or services to individuals in the EU (even through other businesses), you should undergo a thorough review of how you access, store and use your data.
“If you are quick to dismiss the GDPR due to the idea that it is an EU regulation, really think it through,” Michael says. “What’s really striking about the GDPR is its extraterritorial effect. By this I mean the idea that it protects the personal information of EU residents. A business can process, hold, maintain, and use the personal information of EU residents even if they’re not living in the EU. In other words, the individual could be located in the state of Georgia, or anywhere in the world. In this example, it applies to your business.”
About a month after the GDPR went into effect, the California Legislature passed the CCPA, which has suddenly become the gold standard for privacy legislation in the United States. It imposes requirements much like those imposed by the GDPR, but it doesn’t go into effect until January 1, 2020. As with the GDPR, you might be thinking that you’re not affected because you don’t have a business in California. But look at it this way: chances are that somewhere in your database, you’ve obtained the personal information of at least one California resident with whom you do business. And, if California just passed this legislation, could other states soon follow suit? Yes, they will.
Businesses need to prepare now, and here’s what you need to do:
- Read our past blog posts on GDPR and CCPA (each includes detailed and important questions to ask yourself)
- Listen to the entire conversation by clicking the audio player below
- Identify the employees in your company who know where your data is. Get them together, form a team and start talking about how your organization collects personal data.
- Take good notes and document everything
- Contact Trusted Counsel with questions. We can help you put together a compliance plan if needed. This will allow you to not only be in compliance now, but also to stay in compliance.
During the course of the podcast, CEOs, business owners, and C-level executives will learn:
- The difference between the GDPR and the CCPA
- What questions businesses should be asking themselves regarding GDPR
- Internal steps a business should take right now to become compliant
- Legal advice for organizations that are reviewing their data privacy policies and procedures and their compliance risks
- Commentary regarding the future of data privacy in the U.S.
Stream the conversation in the player below to learn more. You can also subscribe to In Process Podcast to receive this episode as well as future updates from the show on your smartphone. If you have any questions or comments regarding the GDPR, the CCPA, data privacy and your compliance efforts, please contact Michael Jones with Trusted Counsel. You may reach him at 404-400-3886 or email him at firstname.lastname@example.org.