As everyone knows, GDPR is a European legislation, however, it effects all entities that processes personal information related to European citizens. This makes GDPR a challenge for almost all businesses and authorities around the globe, since it is almost impossible to know if a person is, or later becomes, an EU-citizen.

On top of that, the question of privacy led by the EUs GDPR, are getting traction all over the world, and many corporations are cheering on this development. One of its stronger advocates is Apple´s CEO Tim Cook, long known for his strong position on personal integrity.

In a keynote at the International Conference of Data Protection and Privacy Commissioners, Cook praised Europe’s “successful implementation” of privacy law GDPR, and said that “It is time for the rest of the world … to follow your lead. We at Apple are in full support of a comprehensive federal privacy law in the United States.” Other advocates for stronger US privacy regulations are IBM’s CEO Ginni Rometty, although calling for a “regulatory scalpel, not a sledgehammer”.

And things are happening.

In June, California passed the Californian Consumer Privacy Act, CCPA, with strong rights for personal data. Many of the principles are known from GDPR, but whilst GDPR are focusing on personal integrity, the CCPA, as the name says, focuses on a consumer´s relationship with a business. Non-profit organizations and public entities are therefor excluded. CCPA will enter into effect the 1st of January 2020.

Many other states are following, by passing its own privacy bills, or strengthen existing consumer laws.

But things also start moving on a federal level.

In July, the White House said it was looking forward to working with Congress on “a consumer privacy protection policy that is the appropriate balance between privacy and prosperity.”

And in late November this year, we got to know that Senators Richard Blumenthal (D) and Jerry Moran (R) are working on a bipartisan bill that would provide many of the same protections offered by the GDPR. The congressmen are hoping to have the bill drafted soon, and it may be voted on by early 2019.

So things are happening, and the question is if US companies will make the same mistakes as European companies.

When GDPR entered into effect 25th of May 2018, very few European companies where prepared, putting them into great risk of fines, damages and bad will. The sudden urgency have created bad habits where companies desperately develops routines for deleting all data “not absolutely necessary”, leaving them wing cut for the data driven future.