Data Privacy Regulations and Why Your Business Should Care

Mannix Marketing is a Full Service Digital Marketing Agency. We are not lawyers and therefore advise you to consult a professional when exploring legal matters involving privacy and protection regulations. Our hope is to emphasize the importance of Data Privacy Regulations and urge your business to take action if you are not currently adhering to the specific guidelines that may apply to you. Business Data Privacy laws and regulations in the EU and the United States are subject to change. If any of the information in this blog applies to you, we suggest you consult a legal professional for legal advice and the most up to date information.

General Data Protection Regulation (GDPR):

What is General Data Protection Regulation? GDPR is an EU law covering data privacy and protection in the EU and European Economic Area and stands as an important factor of the overall EU privacy law and human right to privacy.

Does this apply to your business? Although this question is best answered through a consultation with a lawyer who specializes in matters of privacy and protection, here are some simple things to consider when determining if GDPR applies to you. 

  • Is it possible that someone in the EU could purchase or order an item from your business and send or deliver that item to a non-EU resident?
  •  Do you cater to clients or customers that reside in the EU? 
  • Does your organization use website tools that track cookies or IP addresses of website visitors regardless of their location? 

If you answered yes to any of the above questions, it’s best to comply with GDPR. Even though you may be a non-EU organization, you still may be in a position where it is important to prioritize and implement EU privacy and protection regulations. Some exceptions exist for organizations with less than 250 employees. 

Resources to learn more about EU GDPR:

GDPR Consent Requirements

GDPR Compliance Checklist for US companies


As of now, there is no official principle that covers all aspects of data protection within the United States. Currently there are eight states with bills proposed for Data Privacy Protection, and five states with complete consumer data privacy laws. We want to emphasize that while there is a possibility the laws we are discussing currently do not apply to your business, there is a chance that they could be applicable to you in the future. Below we will mention the five states in the United States with data privacy laws that are effective or soon to be. 

California Consumer Protection Act (CCPA):

What is the California Consumer Protection Act? The CCPA provides consumers with more control over the information businesses collect from them, while also giving guidelines to businesses about data collection transparency. The CCPA applies to for-profit businesses that do business in California and either have a gross annual revenue of over $25 million; buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or derive 50% or more of their annual revenue from selling California residents’ personal information.

Resource to learn more about CCPA:

California Consumer Privacy Act

Colorado Privacy Act (CPA):

The Colorado Privacy Act outlines consumer privacy rights as well as companies’ responsibilities in relation to personal data protection and additionally provides the Attorney General and district attorneys the power to enforce the law effective July 2023. This law will give residents the right to exclude themselves from targeted advertising, and the consumption and sale of personal data and information. If you have the potential to reach consumers in Colorado, these laws are applicable to your business. 

Resource to learn more about CCPA:

Colorado Privacy Act

Virginia Consumer Data Protection Act (VCDPA):

Made effective in January 2023, the Virginia Consumer Data Protection Act provides potential consumers the ability to ask that businesses delete their personal data. This law is applicable to non-governmental companies and businesses in Virginia that have access to data from over 100,000 consumers, or earn a large majority of their revenue through processing personal data or selling it to other businesses. 

Resource to learn more about VCDPA:

Virginia Consumer Data Protection Act

The Connecticut Data Privacy Act (CTDPA) 

The Connecticut Data Privacy Act protects the personal data of state residents as they shop or search on the internet or purchase in store. It establishes standards for how data can be controlled and processed by businesses. Residents can opt-out of their data being sold, can receive a copy of their data, can delete their data, and can rectify inaccurate data. If there’s a chance a Connecticut resident could end up on your website as a visitor or consumer, this applies to your business.

Resource to learn more about CTDPA:

Connecticut Data Privacy Act

The Utah Consumer Privacy Act (UCPA)

The Utah Consumer Privacy Act provides consumers with knowledge of the data being collected about them, how that data is utilized, and if that data has the potential to be sold to third parties. If it’s possible that someone from Utah could land on your website or purchase your products or services it is safest to ensure your business complies with these restrictions. 

Resource to learn more about UCPA:

Utah Consumer Privacy Act

New York Shield Act:

The New York Shield Act requires businesses that collect personal data to take action in protecting that information with cyber security. Personal data in this case is considered to be private information such as a driver’s license number, social security, finance metrics, and login information. Shield covers some aspects of privacy that users have the right to but does not implement these rights to the same level and extent as regulation programs such as the CCPA and GDPR. Therefore, a New York Privacy Act has been proposed and is under review.

The Proposed New York Privacy Act (NYPA):

What is the New York Privacy Act? This act would build upon the framework of the New York Shield Act by enforcing that businesses like yours provide consumers with a deeper understanding as to why data is collected, what data is collected, and what it will be utilized for. The law will make it easier for people in New York to have agency in giving businesses information by enforcing that businesses provide consumers  “opt in” or “opt out” consent of their data. This law, if passed, would apply to businesses that conduct business in New York or specifically target New York consumers in their business objective.

It is hard to determine whether or not the NYPA will be passed but as it is in the works, it’s always good to start learning ways to make the data your business collects be more transparent, safe guarded, and protected for consumers.

Read the learn more about New York Data Privacy Laws:

New York Data Privacy Laws

Speak With Data Privacy Regulation Experts

We highly suggest you consider the ways that these laws and regulations currently or in the future could impact your business. Our best advice as always is to work internally within your company to evaluate your current state and bring in a lawyer for a more in-depth discussion on these matters. Although we are not legal experts and are not providing legal advice, after having a conversation with a lawyer, Mannix Marketing may be able to help you make changes to your website to better align with the plan of action decided upon by your team and legal professionals.

Learn more:

Data Protection Laws & Regulations in the United States

Privacy Law Updates in the United States

About Hannah Porter

Hannah Porter joined the Mannix Marketing team in the summer of 2022 as a Tourism Marketing Copywriter, interning for the local marketing team. In Fall of 2022, she took on a full-time position as a Sales & Marketing Assistant, helping the sales and website development teams with project management and sales outreach. In December 2022, she returned to the tourism team to work as our Social Media Manager. On a daily basis, she works to provide our clients with results through social media marketing. Hannah holds a Bachelor of Arts in English (Creative Writing) from St. Lawrence University, with a dual degree in Psychology and a minor in Film and Representation Studies. She is passionate about writing and telling stories. In addition, Hannah is local to the Adirondack region and loves exploring the area with family, friends, and her adorable dog Daisy.