With so many data privacy laws being proposed, enacted, and amended, how does a company comply? Data privacy lawyers spend their time analyzing this developing, “grey” area of law in effort to help companies who struggle with this question.
Ultimately, many companies are faced with a tough decision: to comply or not? It is not that these companies are ill-natured, but rather they are juggling numerous (often conflicting) obligations. Or, even more commonly, the companies are forced to prioritize compliance requirements as they develop a comprehensive data privacy program.
By now, most of us have realized that developing a comprehensive data privacy program takes time. The size of the company and amount of protected data involved are factors that influence the amount of time it takes to build a data privacy program.
So, how do you determine which data privacy requirements to prioritize?
The answer will vary for each business. However, the company would be well-served by working closely with its privacy counsel to understand which laws it is subject to. Second, it is important to consider the consequences of the relevant laws. How steep are the penalties? How often are enforcement actions initiated? Compare recent actions for violations of the relevant laws to gain insight about the issues that most concern the authorities. Finally, keep moving towards compliance. The ability to demonstrate a good faith effort might just be your saving grace.