The General Data Protection Regulation (GDPR) caused a seismic shift in the regulatory landscape across Europe. It grabbed headlines — and the attention of boards everywhere. However, it's now the California Consumer Privacy Act (CCPA) 2018 that's moved into the spotlight. CCPA is just the latest example of a global trend toward formally recognizing and codifying individual rights to privacy that were spearheaded in the GDPR. Organizations globally are starting to face the reality that, in the wake of recent data breaches and the negative public reaction, regulatory requirements are becoming more prescriptive and consumer tolerance for poor data handling practices is lower than ever. Adapting to this change is not an option — it is critical to survival.