Founder of Apple, Steve Jobs, once remarked, “Privacy means people know what they’re signing up for, in plain language, and repeatedly. I believe people are smart. Some people want to share more than other people do. Ask them.”

Privacy laws in the United States are a bit like a wave pool at a water park—they’re constantly fluctuating and just when you think you’ve got your footing, another wave comes at you to knock everything from under you.

Giant strides have been made in privacy rights and regulations in Europe and many parts of the globe ever since the General Data Protection Regulation (GDPR) became enforceable on May 25th, 2018. In a world with serious impediments to my privacy and yours, the GDPR, to varying degrees of success, has been slowly leveling the field in how personal data is treated; rest assured, it’s a lot more than the privacy e-mail updates you’ve been receiving and the website cookie banners you’ve been accepting. In layman’s terms, the GDPR mandates requirements for storing, processing, accessing, and protecting personal data. We’ve all heard it – failure to comply with the Regulation attracts staggering fines of up to 4% annual global turnover of the prior financial year, or €20 million, whichever is higher. Despite the laundry list of concerns surrounding the Regulation, there has been reasonable progress since the enforcement date. Here are some notable observations since the inception of GDPR that you should know:

For those not tracking the evolution of California’s Consumer Privacy Act (CaCPA), we’ve got some updates for you! While most are just familiarizing themselves with CaCPA’s original requirements, a new senate bill (SB-561) was just introduced last week by two California Senators with intention to further strengthen the rights of Californians. And while changes to the bill are already hardly considered uncommon, the amendments could raise the stakes for organizations who are already concerned with the Acts expectations.