On this week of Serious Privacy, Paul Breitbarth and K Royal discuss the European Union’s General Data Protection Regulation, because three years ago from the day this episode was released (May 25, 2021), the GDPR went into effect. And whether you consider it three years or or five (per this Twitter debate), it was a world-changing event.
In this episode, they talk about the changes seen in the past three years, including the two years before that when the GDPR was passed. They discuss penalties and amounts known, but also the most frequent violations. Companies can learn alot by looking at enforcement to know where to prioritize their compliance activities – or at least what to check to make sure it is properly in place. They discuss the locatemyfamily.com that has been in the news lately, including for not appointing a European representative, and the challenges the data protection authorities faced to investigate the complaints across the ocean.
In addition, they discussed how the GDPR impacted US legislation, such as the concept of controllers and processors, and the definition of sensitive personal data. The GDPR influenced the California Consumer Privacy Act (CCPA), or more so the California Consumer Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (CDPA) – the latter two take effect in 2023. There is discussion of the importance of EU representatives – and there is a passing mention of the upcoming standard contractual clauses. This week’s episode can be heard on our website or streamed below.