The new year brings about the long-awaited enactment of both the GDPR and the California Consumer Protection Act. If not done so already get with a competent business attorney as well as certainly some marketing folks to make sure that you have the appropriate language and processes in place.
I also want to take this from a Crisis PR standpoint. Part of these laws discusses the transparency of disclosing a breach that involves personal data in a timely matter. Most companies, quite frankly, do it poorly. Organizations need to possess a robust response plan in place should the unfortunate but likely event of a data breach occur. Nowadays, it’s not just merely the loss and trust of consumers, which is bad enough. They could also wind up facing significant legal challenges to the tunes of tens of millions of dollars.
Small and mid-size organizations can find themselves just as vulnerable, if not more, under these laws. Find somebody that you can trust to go over what your crisis communications response plan is and how it should integrate with your operations. The stakes are even higher than they were before.