GDPR: The New Global Standard?

May 20, 2018 began the enforcement of the European Union (EU) the General Data Protection Regulation (GDPR). The short story is that this regulation is designed to protect EU citizens and information gathered and held by organizations that is considered Personally Identifiable Information (PII). Organizations conducting business in the EU, had to make changes to their information governance policies and practices to accommodate the GDPR in areas like presenting all information held on a requesting individual, deleting that information upon request, managing only the information needed for a specific purpose, contact by permission, and more.

On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) of 2018. In many ways, this law mimics the GDPR in the sense it is intended to provide greater access and control by an individual over their PII including the ability to:

  • request to be informed about the kinds of personal data collected and the reasons it was collected.
  •  request deletion of all PII.
  • opt out of the sale of their PII.
  • request access to personal information held, in a format that is transferable to third parties.

LawThis law also provides a broad definition of PII that includes geolocations, biometric data, browsing histories, biometric data, and psychometric data. In short, any PII that could be used to identify you, patterns in your behavior, and other key elements that could enable profiling for use in target marketing, targeted sales, or other areas where targeting certain characteristics would be beneficial to an organization.

In My View

I know I have oversimplified this in my brief interpretation, but the fact remains that in 2020, organizations transacting business in California, must be ready. This means changes in their information governance policies and practices, routine audits to ensure all members of the organization adhere to the new regulations, and perhaps additional or new technologies to support the new ways-of-working.

Is GDPR the new global standard? Maybe not verbatim, but in this case, it appears to be the foundation.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob  can be reached by email at and through the website

Leave a Reply