Hello all. Marketing might not be the right forum for this, but thought I'd give it a shot.
Georgia (the state) is on the cusp of passing something called the "Consumer Privacy Protection Act". This is supposed to be modeled on a law already passed in Tennessee. Other versions of this law exist in several states, although in some states non-profits are exempt. Not the case here. Some of it seems to fall under GDPR, but not all of it.
I'm wondering if anyone here has had to make updates to their policies and/or procedures based on these laws. What we're finding is that to be in compliance we should conduct a "Privacy Risk Assessment". We're just trying to get some idea of what that might mean and the level of effort involved. It's hard to find any concrete examples of how to do this, or how it applies to organizations such as ours.
Anybody out there had to deal with these laws? What actions did you take to be in compliance?
Thanks,
Henry