It’s hard to believe it’s been almost three years since the EU enacted its General Data Protection Regulation (GDPR), which fundamentally changed how businesses collect, process, and store consumer data. For many organizations, the GDPR was a major disruption that forced them to switch from a mindset of “collect as much data as you can in case you need it someday” to a mindset of only collecting and storing the data they really need to conduct business. Compounding that disruption, several other countries quickly passed similar laws, including:
And then there are countries like South Korea and Argentina, which had privacy policies even before the GDPR.
Global data privacy laws and regulations (proposed and in effect)
But for many small- and medium-sized U.S. businesses, those international laws weren’t much more than a blip in the news cycle. Now, however, things are changing. Despite (or perhaps because of) the lack of a federal privacy law, states are beginning to enact their own. The most well-known is California’s CCPA, which has even stricter standards than the GDPR. And, as with the GDPR, a business doesn’t have to be based in California for the law to apply; it just has to have customers who are California residents.
Other states are paying attention, especially as consumers become more concerned about the use and security of their personal data. Here are the states that have either passed privacy laws or have them in the works:
So it’s no wonder that smaller businesses across the United States are anxious about data privacy laws and how they’re going to become compliant. However, while I firmly believe that respecting the value of your consumers’ data will be a competitive advantage, there’s no reason to panic about laws that don’t even apply to your company.
How American businesses should respond to state-based privacy laws
First, let me make one thing clear: Every business should be moving toward privacy by design, where protecting consumer privacy is built into your processes from the ground up rather than being added later as a patch. That’s a global trend that’s not going away and will become a requirement for all businesses over time. However, let’s focus on what you need to do (or not!) right now to keep your organization compliant with all applicable laws.
Find out which laws apply to you
Despite the seemingly universal nature of the internet, not every state law applies to every business. Here are a few examples:
- Geography: If you’re a brick-and-mortar business that doesn’t conduct online sales, you probably don’t have to worry about laws outside of your own state.
- Gross revenue: California’s law, for example, makes an exception for businesses that generate annual gross revenue of less than $25 million.
- Type of relationship: Some state laws are based on the type of relationship a business has with consumers. Vermont’s law, for example, doesn’t apply to businesses that have a direct relationship with their consumers, such as websites, apps, or e-commerce platforms. Instead, the law …
Read more here: B2CMarketingInsider