GDPR (EU)
Key requirements: privacy by design, data subject rights, lawful bases for processing, data minimization, breach notification within 72 hours.
Penalties: up to 20 million EUR or 4% of worldwide annual turnover, whichever is higher. Non-compliance can trigger investigations and enforcement actions.
CCPA / CPRA (US)
Rights include access, deletion, and opt-out of sale; non-discrimination provisions for exercising rights.
Penalties: civil penalties can be significant per violation; enforcement by attorney general offices and potential class actions in some cases.
DROP Compliance (Upcoming)
DROP is an upcoming privacy compliance framework scheduled to be introduced Aug 1. It will impose governance, DPIA, and auditability requirements for automated privacy workflows across data lifecycles.
Automation impact: prepare with policy engines, DPIA orchestration, access controls, and auditable change history to meet DROP requirements.