    GDPR & Other Data Privacy Regulations

    Prepare for a New Era of Data Privacy Regulation

    Every day, it feels as though there is a new data breach in the headlines. Consumers are calling for companies to be held responsible, and in response various governing bodies have issued their own data privacy regulations (GDPR, CCPA and more). Companies found non-compliant with these regulations can face major fines and penalties.

    With a growing number of data privacy regulations, it may be difficult to determine how to keep up. To get started, here are key questions to ask about your data management:

    • What data are we capturing and from whom?
    • Where is our data stored?
    • Who in our company is the “one-stop-shop” for data protection?
    • Who has access to this data, including third parties?
    • How would we respond to a request for information, or a request to be forgotten?
    • Do we understand our data flow and access points?
    • Where do we have gaps to address to reach compliance?

    If these questions are difficult to answer, the Process, Risk & Governance specialists at Frazier & Deeter can help you understand both your current state and actions you need to take to comply with various data privacy regulations.

    Data Privacy Regulations:


    General Data Protection Regulation (GDPR)

    Effective May 2018, GDPR unifies data privacy laws across the European Union (EU). Unlike prior data privacy laws in the EU, GDPR applies to all companies processing personal data of EU citizens, regardless of where the company is located. Requirements range from system design and consent requirements to providing data subjects with data upon demand. Penalties for noncompliance can soar as high as 20 million Euros ($23.5 million) or 4% of annual global turnover.

    California Consumer Privacy Act (CCPA)

    Effective January 2020, CCPA is a first-in-the-nation privacy act that gives California residents control of their data. It affects certain for-profit companies that handle or process the personal information of California residents, regardless of where the company is located. While penalties for GDPR are capped, those for CCPA are not. Civil penalties of up to $7,500 per violation and statutory damages of $100-$750 per data breach can be issued.

    New York Department of Financial Services Regulation (NYDFS 500)

    With the growing potential impact of cybercrime on financial service entities, the New York Department of Financial Services (NYDFS) responded by implementing a new regulation on cybersecurity requirements for financial institutions under DFS regulation. As of February 2018, covered entities must submit an annual Certificate of Compliance attesting to their cybersecurity program. Failure to certify exposes the entity to a “substantive deficiency,” punitive sanctions, and/or legal and compliance risk, all of which could negatively impact both a financial service entity’s reputation and financial results.
