May 2019 marks the one year anniversary of the implementation of the General Data Protection Regulation (GDPR), the most substantial change in data privacy regulation in decades. While the GDPR has done significant good in raising awareness around individuals’ rights when it comes to data, the story of enforcement has been entirely different.
The surprising lack of large fines and the continued misuse of third party data, which many thought would cease to exist altogether, has been glaring this past year. However, this can still change with the implementation of new legislation, such as the anticipated ePrivacy component — the next element of the EU’s data protection regime that is anticipated to go into effect soon — and a major data privacy development coming to the U.S. in January 2020: the California Consumer Privacy Act (CCPA). In this post, I’ll discuss lessons learned from the GDPR after one year and tips for how to best prepare for the CCPA and other more stringent legislation that’s anticipated in the near future.