This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image

Data Privacy has arrived: It’s time to adapt

Privacy laws are proliferating, awareness of rights is increasing, and the costs could spiral if organizations fail to act

When the EU passed the GDPR in 2016, many countries strengthened their data protection and privacy laws. It took a few years for this legal trend to hit the US, but now around one-third of states have passed comprehensive privacy laws.

Before our next report in 2025, privacy laws will start to take effect in states like Delaware, Florida, Iowa, Montana, Oregon, and Texas. We’ll continue to see enforcement of existing laws in the US, the EU, and elsewhere.

We also expect more consumers to use Universal Opt-Out Mechanisms (UOOMs) to automate “Do Not Sell” requests. In more and more states, honoring these requests will become mandatory—but our research suggests that most companies are not ready for this new landscape.

Against this backdrop, consumers are waking up to how their data is collected, used, and shared online. Privacy requests are booming year on year, with businesses facing on average 859 DSRs per one million identities in 2023 compared to 377 in 2021.

But as our data shows, DSRs can come from anywhere. Whether or not they’re covered by a privacy law, consumers want more control over how businesses use their personal data. This “trend” isn’t going away. For unprepared businesses, the costs could be eye-watering.

As legal demands and consumer expectations increase, take control of your privacy program with an automated platform that efficiently handles all types of privacy requests.