Data privacy regulations are coming – Make sure your company is prepared
Nearly two years since the General Data Protection Regulation (GDPR) went into effect, many companies are still struggling to comply due to the complexity of the legislation and inadequate resources – as evidenced by British Airways’ notice of intent for a record $230 million GDPR fine. Across the pond in the United States, a slew of proposed data privacy regulations are leaving companies similarly perplexed (e.g. the recent California Consumer Privacy Act was met with confusion by businesses unsure of what the new law requires of them).
In addition to California, several states have successfully signed consumer data privacy legislation into state law, including Nevada’s Senate Bill 220 Online Privacy Law which took effect in October 2019, and the Maine Act to Protect the Privacy of Online Consumer Information, slated to take effect this July. Similar legislation is pending in several other US states, including Pennsylvania, Massachusetts, Hawaii, and more.
While there’s no telling whether all of this legislation will pass, due to the complexity of existing regulations, companies would be wise to take steps now to improve customer data privacy and security practices rather than scrambling to catch up later if they do. We’ve pulled together a heat map to help you keep track of US data privacy legislation, and the following tips to help you prepare:
- Start early! GDPR and CCPA require changes that won’t just happen overnight. Keep track of potential legislation in the states where you do business, and start examining company policies as needed to ensure you and your customers are protected.
- Make sure you know how your company collects and uses data. A large part of the current requirements is being able to disclose this information to consumers – GDPR requires that companies notify consumers at the time that their personal data is collected, and CCPA requires companies to notify them within 45 days of any personal data request. A great place to start is to map out how your company collects data, how it is used, and how it is stored so that you have this information at the ready if need be.
- Adopt PCI compliance standards. PCI is the highest standard for payment security and will ensure your company is compliant with GDPR, CCPA or any new data privacy regulations. PCI Pal can help – our solutions empower organisations to take payments securely without bringing their environments into scope of PCI DSS and other relevant data security rules and regulations.
Contact us today to learn how our secure payment solutions can help ensure your customer information is protected and your company is prepared for potential data privacy regulations.