Privacy Laws 2025: Prepare for the 8 Laws Going into Effect
Businesses in the US will be subject to a lot more scrutiny from...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Now that you’ve read “The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands” by Arlo Gilbert, you might be looking for a few extra resources for your privacy program journey.
As a result, we’ve built this digital appendix, complete with several of Osano’s free guides on everything from privacy programs and data privacy laws to assessments and data mapping.
As you develop your privacy program, it can be hard to know if you’re headed in the right direction.
With the Osano Privacy Program Maturity Model, you’ll not only gain information on each element of a privacy program, but you’ll also be able to score your program, identify which elements represent the biggest gap in your program, and use the recommended next steps to determine where to go next. Use the model to then track your program’s growth over time so you know your next steps as your organization evolves.
There are a myriad of words and phrases within the realm of data privacy, and it can be hard to wade through it all.
In this glossary, we’ve provided some of the most commonly used acronyms, categories of people and organizations, compliance concepts, legal terms, and more so you don’t have to open the dictionary every time a new data privacy law is released.
Privacy policies tell consumers about what types of data you collect, how you collect it, the purpose of and legal basis for that collection, as well as what their rights are, how long you’ll keep their data, who you share it with, and your security measures for keeping it safe.
Our comprehensive checklist tells you everything you need to know to create your own, and it provides you with a few examples to review.
There are several privacy regulations from around the globe. Here are a few guides to help you comply with some of them.
The European Union became one of the main leaders in data privacy when the General Data Protection Regulation (GDPR) came into effect in May of 2018. With it came several principles privacy professionals are familiar with today, such as subject rights, privacy by design, data minimization, records of processing activities, and more.
Since California introduced the California Consumer Privacy Act (CCPA) in 2020 (more on that below), several privacy laws have popped up in individual states across the country. We’ve developed several guides to help you prepare, starting with the U.S. Data Privacy Law Guide.
California established the first comprehensive data privacy law in the United States when it passed the CCPA in 2018. The state then upped the stakes with its addition to the law—the California Privacy Rights Act (CPRA), which was passed in 2020 and came into effect on January 1, 2023. It is currently one of the strongest data privacy laws in the United States. Learn more about how to comply with the law with our Survival Guide.
Here are a few more resources to help you understand privacy regulations.
States and countries are rapidly enacting data privacy laws. Learn about new laws and how they might impact your business operations in 2024 and beyond.
Learn moreThe U.S. and the EU aren't the only data privacy laws in the entire world. Another comprehensive data privacy law that you'll need to understand is the General Law for the Protection of Personal Data (LGPD).
Learn moreLearn the basic principles underlying most data privacy laws and the specific components you’ll come across in different laws.
Learn moreTo truly grasp what you’re collecting, how much of it you have, and where it is across your organization, you need a data map. This way, when you do get started on more downstream privacy-related tasks—like the assessments listed below—you’ll already have a handle on one of the most difficult aspects of the task at hand. Get started with our free checklist:
The GDPR introduced a new term, “Record of Processing Activity”—also known as a RoPA—in its Article 30. With this article, RoPAs became a requirement for each controller to maintain.
What exactly is a RoPA? It’s a document that outlines all of your business’s data processing activities, from HR and marketing to third-party activities and cross-border data transfers. Learn about everything that goes into one in our guide below.
Businesses are no stranger to assessments. There are assessments in almost every aspect of business, and the same can be said for data privacy. Privacy risk assessments, such as data protection impact assessments (DPIAs) and privacy impact assessments (PIAs), are often a staple in data privacy laws. Meanwhile, vendor privacy assessments can help you determine if there are privacy risks associated with a new third-party vendor.
Here are a few more resources to help you understand data mapping and assessments.
One requirement of the GDPR and other privacy laws is the completion of DPIAs, or data protection impact assessments. What are DPIAs? Learn more here.
Learn moreWith PIAs, you can systematically identify and mitigate privacy risks. Learn the top 7 PIA best practices to stay compliant and foster a culture of privacy.
Learn moreData mapping can help your organization understand what types of data you’re collecting, how much of it you currently have, where it lives, and who has access to it. Use this guide to access all of our resources on data mapping for data privacy.
Learn moreDiscover actionable tips straight from our team of legal and privacy experts through our blogs, webinars, eBooks, guides, and more.
Learn why organizations that invest in data privacy gain a return of up to $2.70 for every dollar spent.
Download NowLattice uses Osano to eliminate operational complexity, align marketing and compliance teams, and fulfill its promise of being a privacy-first organization.
Read NowDownload our checklist to learn what your first steps should be, regardless of which law applies to your organization.
Download NowWith Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.
Need Help Getting There?
Book a Demo With Our TeamEvaluate vendors. When your business wants to add a new cookie, you need to evaluate the vendor the cookie is associated with. Is this a reputable vendor you want to have on your website? A product like Vendor Privacy Risk Management can help give you insights into potential vendors. During this time, you can also create a Privacy Impact Assessment (PIA).
Once you’re ready for the new cookie, or while you’re evaluating your existing cookies during ongoing maintenance, you need to confirm the cookie type, business purpose, retention policy (how long will this cookie retain data?), and what data is or will be processed. During this time, you can add the cookie or script to a staging environment.
After confirming functionality, add the cookie or script to your production environment and add any classification work to your consent management platform.
Once your users are being tracked by the new cookie or script, it’s important to update your cookie notices and disclosures and your privacy policies.
Monitor and address any data concerns stemming from the data collected with annual vendor relationship evaluations and real-time monitoring of security concerns.
These five repeatable steps will help you keep track of the cookies that are currently on your site, ensuring your organization is compliant while building trust with your customers and prospects over time.
But cookie governance is just one part of the privacy program journey. To build a program dedicated to operational excellence without losing track of your progress with cookie governance, download the Osano Privacy Program Maturity Model.
Subscribe to “The Privacy Insider” newsletter to keep track of the latest data privacy news, learn tips for maintaining your privacy program, and gain insights into top stories each week.