It’s been almost one year since the European Union implemented the General Data Protection Regulation (GDPR). The new regulation has already had an impact, with regulators imposing a $57M fine on Google this past January.

The sweeping changes enacted by the implementation of the GDPR have left many American privacy experts wondering when the American equivalent of the GDPR will arrive.

The answer?

Sooner than you think.

Here’s why:

  • More data means more data breaches, and more data breaches inevitably bring more regulation.

 Facebook. Equifax. Google. Walgreen’s.

The list of household names caught up in major data-breach scandals grows every year.  However, what you do not see every day are the small and medium sized businesses that report data breaches each month.  The reality is that the Personally Identifying Information (PII) is everywhere, easily accessible, and often poorly protected by business owners.

Lawmakers respond slowly to technological and societal change—but they do eventually respond. While it may seem like major data breaches (looking at you, Facebook) aren’t moving the needle on a comprehensive federal data-breach law fast enough, they are moving the needle.

When it comes to public policy, though, change comes slowly—but eventually it will arrive.

  • Privacy and data protection remain one area ripe for bipartisan compromise.

 The American political system is deeply, deeply dysfunctional—and bipartisan compromise on major policy issues is rare.

However, it isn’t unheard of.

Recently passed criminal justice reform is one example of that. Like criminal justice reform, privacy protection and data regulation have the potential to be another area of bipartisan cooperation.


Protecting consumer rights and preventing abuses by large corporations is a space within public policy that can unite both the left and the right (though sometimes for different reasons). One only has to look at the recent backlash against Facebook to see that dynamic in action.

Even though it might not seem like it, Washington, D.C., still has to occasionally show it is doing something for the American people. Don’t be surprised if one of the ways lawmakers choose to show that is by focusing more energy on privacy protection and data regulation in the coming years.

  • The American public will demand it.

 Imagine being a parent whose child’s personally identifiable information was compromised on Facebook?  How would you feel?

You would be incredibly angry.

Privacy is a growing concern for all Americans. Companies like Facebook know it, which is why they have recently pivoted toward an increased focus on privacy.  However, Facebook will pay a heavy financial and reputational price for their years-long disregard of user data.

What is true for Facebook is also true for any other large, medium, or small business.  Every business—regardless of size—must demonstrate that they care about customer, consumer, patient, client, user, and all other stakeholder data.

So what can shredding companies do to prepare their clients for the reality of a comprehensive national data-protection and privacy law?

To begin with, start preparing your customers today.

Despite a two-year implementation period before the GDPR became law, many companies did not start preparing for the consequences of the regulation until it was already being enforced. While shredding companies can’t prepare their clients for a law that hasn’t even been drafted or proposed, they can help their clients better prepare for future laws and regulations by complying with existing laws and the new Golden Rule of Business.

(What is the new Golden Rule of Business? Treat your customers’ data like it was your own.)

Shredding companies can help their customers be both compliant and gain a competitive edge by taking their current privacy and data policies and bringing them to the next level.

And how do you do that?

To start with, you partner with CSR!

And with our host of data-breach and privacy-protection solutions, CSR Privacy Solutions can help shredding companies become the indispensable data-and privacy-compliance partner its customers need.

There is a good chance that the next few years could see the passage of America’s version of the GDPR. When that happens, the clients of the most visionary and proactive shredding companies should have nothing to worry about—so long as those shredding companies start working with their clients to prepare for the future by elevating their data-protection program and policies today.

Contact CSR