Find a Specialist

Gina Gondron, CISA, CIA, CDPSE
PRG Partner
404.573.4054
Atlanta, GA
gina.gondron@frazierdeeter.com

GDPR & Other Data Privacy Regulations

Prepare for a New Era of Data Privacy Regulation

Every day, it feels as though there is a new data breach in the headlines. Consumers are calling for the companies to be held responsible, and in response various governing bodies have issued their own data privacy regulations (GDPR, CPRA and more). If companies are found non-compliant with these regulations, they can face major fines and penalties.

With a growing number of data privacy regulations, it may be difficult to determine how to keep up. To get started, here are key questions to ask about your data management:

What data are we capturing and from whom?
Where is our data stored?
Who in our company is the “one-stop-shop” for data protection?
Who has access to this data, including third parties?
How would we respond to a request for information, or a request to be forgotten?
Do we understand our data flow and access points?
Where do we have gaps to address to reach compliance?

If these questions are difficult to answer, the Process, Risk & Governance specialists at Frazier & Deeter can help you understand both your current state and actions you need to take to comply with various data privacy regulations.

Insights:

Data Privacy Regulations:

General Data Protection Regulation (GDPR)

Effective May 2018, GDPR unifies data privacy laws across the European Union (EU). Unlike prior data privacy laws in the EU, GDPR applies to all companies processing personal data of EU citizens, regardless of where the company is located. Requirements range from system design and consent requirements to providing data subjects with data upon demand. Penalties for noncompliance can soar as high as 20 million Euros ($23.5 million) or 4% of annual global turnover.

Learn More about GDPR:

California Privacy Rights Act (CPRA)

Effective January 1, 2023, CPRA is a first-in-the-nation privacy act that gives California residents control of their data. It affects certain for-profit companies who handle or process the personal information of California residents regardless of where the company is located. While penalties for GDPR are capped, CPRA is not. Civil penalties of up to $7,500 per violation and statutory damages of $100-$750 per data breach can be issued.

Learn more about CPRA:

“Data Privacy Laws Are Evolving: What You Need to Know”

New York Department of Financial Services Regulation (NYDFS 500)

With the growing potential impact of cybercrime on financial service entities, the New York Department of Financial Services (NYDFS) responded by implementing new regulation regarding cybersecurity requirements for financial institutions under DFS regulation. As of February 2018, covered entities must submit an annual Certificate of Compliance attesting to their cybersecurity program. Failure to certify exposes the entity to a “substantive deficiency,” punitive sanctions, and/or legal and compliance risk, all of which could negatively impact both a financial service entity’s reputation and financial results.

Learn more about NYDFS 500:

“Complying with New York’s Cybersecurity Regulation (23NYCRR 500): What Financial Services Firms Need to Know)”

Find a Specialist

Gina Gondron, CISA, CIA, CDPSE
PRG Partner
404.573.4054
Atlanta, GA
gina.gondron@frazierdeeter.com

Privacy Overview

When you use or access the Site, we use cookies, device identifiers, and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site. We process the information collected through such technologies, which may include Personal Information, to help operate certain features of the Site (e.g., to prevent online poll participants from voting more than once), to enhance your experience through personalization, and to help us better understand the features of the Site that you and other users are most interested in.

You can enable or disable our use of cookies per category.

Necessary

Always Enabled

Functionality

Performance

Tracking or Targeting