When the General Data Protection Regulation (GDPR) was implemented in 2018, we entered a new era which emphasises data security and customer control over personal information.

With wide-ranging implications, one of the key areas of GDPR is that it gives customers the right to compel businesses to delete any trace of their information from company servers (known as the right to be forgotten). This creates real incentives for more secure storage and handling of personal data.

Any company that handles the data of a single European citizen must comply with GDPR or incur incredibly costly fines for minor infractions. It’s important to note as well, that the scope of the legislation is not limited to Europe, but rather to any business or service that welcomes EU citizens as users – a significant point, given that the proliferation of major breaches of business databases occurs on a global scale.

The California Consumer Privacy Act (CCPA) is another noteworthy piece of regulation focussed on data privacy, which came into effect at the start of 2020. Whilst there are some differences in the scope of CCPA in comparison to GDPR, there are also a number of similar rights, such as the right to be informed, the right of access, and the right to portability.

NB: None of the above is intended as legal advice. Please speak to a legal representative for information on how these regulations may affect your company.