Both the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in the United States effectively put in place greater restrictions around how companies collect and process the personal information of consumers and employees. “Right of access” requests from data subjects, particularly, are still creating compliance headaches.
