Understanding the New Regulatory Landscape
White Paper | May 2020
Considered the mother of all global privacy regulations, the General Data Protection Regulation (GDPR) was introduced by the European Union in 2018, and with it came sweeping reform, new requirements and accountability for organizations and any data they process or acquire. GDPR applies to any organization that handles even one European Union citizen’s data and regulates all aspects of data collection, including the data destruction process. Unlike previous regulations, GDPR has teeth: noncompliance, breach and media destruction violations result in hefty fines.
As outlined in the following list, each of these protection laws and regulations impacts an organization's data destruction process, responsibilities, and liability.
GDPR: General Data Protection Regulation
NIST: National Institute of Standards and Technology (Cyber Security Framework requirements mandated via Presidential Executive Order 13800, May 11, 2017)
LGPD: Brazilian General Data Protection Law (effective July 8, 2019)
CCPA: California Consumer Privacy Act (effective January 1, 2020)
State laws: 35 U.S. states have enacted data privacy laws and/or require NIST CSF standards. Nearly every state has data privacy at the forefront of its legislative process.
U.S.-based law: Already a topic of heavy discussion and congressional committee work, it’s logical to assume a national data privacy law will be enacted in the near future.