What do Virginia, California, and Brazil all have in common? Alongside the EU with its GDPR, these are now locations with their own consumer data protection laws. Virginia recently launched the Consumer Data Protection Act (CDPA), making it the second U.S. state with its own consumer data protection legislation. Broadly, it seems similar to the California Consumer Privacy Act (CCPA), but there are enough minor differences to create a compliance burden for legal teams. That is, if they’re not prepared.
It’s unlikely that talk of privacy issues will die down in 2021. Additional U.S. states may enact their own privacy regulations, forcing organizations to constantly audit and update their own policies and contracts. Regardless of exactly how many new data protection laws come to fruition, legal teams need to be proactive and ready.
Prepare for Efficient Contract Auditing and Updates
Similar to compliance efforts in the past, new regulations will force companies to perform large-scale contract audits. Knowing this is inevitable, it’s time to adopt the technology that is best suited to make this process as efficient as possible. You're going to need data-mapping software and real-time contract analysis software. Data-mapping software will clearly show whose data goes to what systems. Contract analysis software will show that your contracts cover every use case on those data maps, and have been updated for any changes.
To address the legal part of that problem, LinkSquares is here to help. We can locate the relevant clauses in each of your agreements and help organize and categorize every contract that is impacted by the CCPA, CDPA, and other regulations that pass in the future.
Broad Regulations Need Adaptable Compliance
Legal teams need modern technology at their disposal. These are "young" laws with some broad regulations. For example, Brazil’s LGPD has the requirement to offer "reasonable" notification of a data breach. While the GDPR specifically says data breaches must be communicated within 72 hours of discovery, "reasonable" time to an LGPD regulator is unknown, and likely subject to case-by-case interpretation. Brazil's definition of "personal data" is also very broad, and subject to regulatory interpretation.
Broad regulations bring uncertainty, and your legal team needs to be able to react as efficiently as possible to unforeseen circumstances. Personal data processing laws will never be universal, so your compliance must be adaptable. Broad regulations mean these laws will be open to rulings such as the Schrems II decision, which invalidated the Privacy Shield between the US and the EU, and to amendments and expansions such as the CPRA to the CCPA.
It’s not just your own contracts that you need to be aware of. Vendor contracts need to be tracked to make sure that they are compliant, and possibly renegotiated. Without automated contract analysis, your legal team will constantly play catch-up to the latest regulatory updates around data privacy.
Your legal team needs the best software to manage the contracts that run your business. If you want to make sure you have the tools to keep your contracts -- and your business -- compliant with the latest data privacy requirements, contact LinkSquares today.
This post was written with LinkSquares’ Kiren Latka, Senior Legal Specialist, Product Operations. She holds a J.D. from Northeastern University and is passionate about working with customers on custom smart values.