By any measure, 2018 was a major year for data privacy regulation. The most significant regulatory development in this area was the European Union’s General Data Privacy Regulation (“GDPR”), which went into effect on May 25, 2018 and establishes what is probably the most rigorous data protection regime currently in existence. As adopted, GDPR includes numerous restrictions on the use of individual personal data, coupled with an expansive extraterritorial reach that makes compliance with its provisions a concern for many business who maintain even relatively minor connections with the European Union. Also in 2018, the State of California enacted the California Consumer Privacy Act (“CCPA”), which establishes a data protection regime that is in many ways inspired by GDPR and will come into effect on January 1, 2020.

Continue reading.