Yahoo Finance

Sponsored Content

By Dominique Shelton, Bo Kim and Laura Mujenda

Shelton Is your company in compliance with the recent changes in privacy law? Over the past year, there have been game-changing developments in privacy and data security laws around the world. In May 2018, the General Data Protection Regulation (GDPR) went into effect in the European Union (EU), ushering in a new, sweeping privacy law framework that affects not only businesses located in the EU, but also companies that offer goods and services to EU residents or monitor their behavior. In June, the California Consumer Privacy Act was passed—a landmark law that, like the General Data Protection Regulation (GDPR), will impose far-reaching requirements on businesses to protect consumers’ personal information. Other notable privacy regulatory developments include Vermont passing a data broker law in May, Chicago introducing a data protection ordinance in June, Japan and the EU agreeing on a reciprocal finding of adequacy in July, and China enacting its Cybersecurity Law last year. This is a fast-evolving field, and more changes are certain to come.

These recent global developments have underscored the need for emerging companies and investors in digital marketing and consumer-facing industries to develop a topline privacy compliance strategy, that ensures the company complies with obligations under various regulatory frameworks, including privacy notice requirements under the GDPR, the most stringent to date. To do so, you must first determine the applicable jurisdictions and then develop privacy and data security practices that comply with the jurisdictional requirements. Topline compliance is unique to your business. A comprehensive review of your business practices in collecting, using and sharing personal data, as measured against the applicable regulations, is critical in avoiding legal pitfalls and enforcement actions.