Back when GDPR dropped in 2018, some companies simply pulled their advertising business from the EU, others opted to maintain compliance only in GDPR-affected territories and some chose to make their entire global business GDPR-compliant rather than deal with the legal, operational and engineering expense and hassle of maintaining distinct policies for different regions. Global compliance was a long-game strategy, and it looks like it was the best one. It’s plainly evident that data privacy is a global trend. While each law is different, together the emergent regulations should stand as a call to action for all digital businesses.
Comply, one way or another
Generally speaking, companies facing a deluge of data privacy laws have two options. They can meet each new law on its own terms, bringing together operations, legal, engineering and any other stakeholder departments to formulate a plan and put it into action every time the game changes. Or—the far better option—they can get ahead of the inevitable new data paradigm and adopt a global data policy framework. That is, they can adopt an operational policy that aims to comply with any likely potential iteration of the data privacy regulations we can expect to see.
Adopting a global data privacy framework is a challenge, no doubt. But the alternative is worse.