This article will provide you with a knowledge base for several data privacy laws, including GDPR, CCPA, and LGPD.
Recognition of the need to protect our personal data is growing every day. Laws like GDPR, CCPA, and LGPD have set the stage and ignited discussion around the globe as other countries explore the possibility of enacting data privacy laws of their own.
So what are data privacy laws? Data privacy laws help to set the framework for what personal information can be collected from users and how it can be stored, shared, and used. These laws give control to each user and allow individuals to consent to how their data is being used. There isn't a global regulation protecting all users, so several different laws exist to protect regions or countries, such as GDPR, CCPA, and LGPD.
The General Data Protection Regulation is the latest European data privacy law that aims at changing the way EU citizens’ personal data is collected, processed, and stored, transferring the power over personal data from companies to data subjects.
A person’s identity is no longer just a set of randomly floating data. The new law provides power, control, and consent over the shared data.
According to the GDPR, consent must be obtained from data subjects before companies can collect any personal identifying information. It also brings a new perspective on consent management, in which the liberty to withdraw consent must be granted at any moment.
While the first step towards GDPR compliance is awareness and a thorough understanding of the changes the regulation has brought, acknowledging its impact on your organization is the starting point towards compliance.
CCPA is a state law that enhances privacy rights and consumer protections for residents of California. CCPA became effective on January 1, 2020 and enforceable as of July 1, 2020. This regulation requires companies that are collecting personal information from California residents (regardless of where the company is located) to implement CCPA-compliant protocols and procedures.
Personal information is any information that identifies, relates to, describes or could be linked to a consumer or household and includes data such as name, email, date of birth and even IP address. Your business is subject to and needs to comply with CCPA if it collects data from California consumers and exceeds at least one of the following thresholds:
- Earns annual revenues of more than $25 million;
- Collects and processes personal information of at least 50,000 consumers, households or devices; or
- Derives at least 50% of its annual revenues from “selling” consumers’ personal information.
In August 2018, Brazil enacted Lei Geral de Proteção de Dados (“LGPD”), with enforcement beginning in September 2020. The LGPD applies to any private or public individual or company with personal data processing activities that:
- Are carried out in Brazil;
- Collect personal data from Brazilian consumers;
- Involve offering and supplying goods or services in Brazil; or
- Relate to data subjects who are geographically located in Brazil.
The LGPD has an extraterritorial scope, meaning that even if businesses aren’t physically located in Brazil, they will need to comply with the regulation. Additionally, there is no small business exemption or revenue requirement, so any business meeting any one of these requirements has a compliance obligation. Companies across a broad spectrum of industries, from financial to technology to hospitality and travel to insurance, will be affected. To put it simply, if you’re collecting and processing data from Brazilian consumers, you need to comply with the LGPD.
It is key to understand where your users are located, as many data privacy laws are related not to the location of your organization, but to the location of the individuals who will be accessing your website and content. Following the policies of several data privacy laws around the world is the most efficient way to ensure your organization remains compliant. Failure to follow laws like GDPR, CCPA, and LGPD can result in fines, lawsuits, and more.
Every day, other countries and regions look to implement their own laws, using GDPR, CCPA, and LGPD as models for their own policies. Operating in an evolving landscape may seem intimidating, and that is why Clym is here to help you navigate the data privacy landscape with ease so that your organization can stay protected.