“There are very good reasons to care about privacy laws, including those of other states and countries” – says Gary D. Weingarden Esq., CDPO, CIPM, GDPR-R, “but fear of cross-border fines isn’t at the top of the list.”

Per Weingarden:

  • If you’ve certified compliance with Privacy Shield, you should comply.
  • Individuals and classes of plaintiffs can sue.
  • Not complying with the GDPR or other international data protection laws will make international deals tricky.
  • Not caring about privacy will damage your company’s reputation.
  • But don’t base your decisions [solely] on fear of huge fines unless you have assets where they could be imposed.

And I would add:

  • If you are a service provider and your clients are companies that are subject to GDPR or CCPA, you would need to be able to show these companies that you can help them comply in order to get their business.

Read Gary’s piece on Prescriptive Jurisdiction for IAPP.