FAQs
In most cases, yes. If you offer goods or services to people in the EEA, or process personal data about individuals located in the EEA, GDPR compliance requirements will apply to your company (non-profits included). The scope of your obligations depends on what types of personal data you hold and what you do with it.
No. While CCPA was influenced by GDPR, there are meaningful differences between the two. The good news is that, because of their similarities, a GDPR program puts you well on the way. CCPA compliance requirements are also evolving rather quickly, so it is important to know where the two laws diverge.
No. ISO standards are certainly steps in the right direction, but certification against ISO or any other standard is no assurance of regulatory compliance. Regulators assess your actual handling of personal data, not your certificates.
Unlikely. The 2% and 4% of annual global turnover fine tiers are reserved for serious violations. Having a gap in your program is never good, but it is unlikely on its own to bring down such fines. Not having a privacy program at all, being unable to demonstrate compliance, or not cooperating with regulators are the kinds of things that make matters much worse.
The simple answer is that it depends on the work we're doing for you. We are not the least expensive firm. The value we provide is the combination of IT backgrounds and data privacy regulation expertise. Our goal is to help your company achieve compliance with the least disruption to your operations.
We hope not. The consensus in the privacy community is that the U.S. will eventually see a national law to avoid the patchwork approach of each state having its own. There are currently several efforts in the U.S. Congress to make that happen.
This is a very clear example of why getting advice on your privacy program makes sense. Building out a privacy program is complex under the best of conditions. The right roadmap lets your business stay agile as compliance requirements evolve, rather than rebuilding the program each time a new law arrives.
For a variety of reasons, our firm does not do IT work. Chief among them: no one knows your systems better than you do. It would also take a lot more time and would not be cost effective. As former IT professionals, however, we do give pragmatic advice with IT teams in mind.
Data privacy usually refers to regulations like Europe's GDPR that protect the rights of individuals. These regulations require companies to safeguard personal data and to use it only for the purposes for which it was given. In addition to protecting individual freedoms, data privacy sets companies apart ethically in the marketplace and protects the company's brand.
The two are obviously closely related, but their focuses differ. Security does serve an individual's privacy rights, but it is primarily a company protecting its data and other company assets. Privacy is a company protecting the interests of the individual, not only by safeguarding their data but by using it in accordance with legal and ethical standards.