WHILE U.S. BUSINESSES CONTINUE TO GRAPPLE WITH THE EU GDPR, CALIFORNIA JUST PASSED THE TOUGHEST DATA PRIVACY LAWS IN THE UNITED STATES
Throughout the months leading up to the implementation of the EU General Data Protection Regulation (GDPR) — the EU’s radical overhaul of data privacy rules and regulations — we predicted that the states would begin enacting tougher, more stringent data privacy laws. (We even predicted that California would take the lead.) Yesterday, California enacted the California Consumer Privacy Act of 2018, which sets forth new requirements for the collection, use and sharing of personal information and disposes of a proposed ballot initiative which would have imposed substantially tougher privacy measures. Here is your “Renzulli Run Down” of several key aspects of the new law:
Although the law does not go into effect until January 1, 2020, businesses need to assess existing data privacy policies and practices to ensure compliance before January 1, 2020. Now is the time to conduct those assessments, particularly given that every business should also be evaluating existing data privacy policies and practices to determine whether the GDPR applies and, if it does, to ensure compliance. (You can read more about the importance of GDPR compliance here and here.)
IRS Circular 230 Disclosure: As required by U.S. Treasury Regulations, we advise you that any tax advice contained in this communication is not intended to be used for, and cannot be used for, the purpose of avoiding penalties under the United States federal tax laws.