Back in 2016, the EU adopted the General Data Protection Regulation (GDPR), which gives users complete control over their personal data and how a company uses it. The GDPR came into play in early 2018, and most companies were required to comply with it by giving consumers the ability to opt out of practices such as data gathering.

Soon after, many other data privacy regulations gained popularity and required companies to comply with them as well.

However, have you ever thought about how data privacy laws will affect your online business in 2023? It can be a tough question to answer, but by following the right steps, you’ll be able to clarify everything you need to know.

Let’s dive deeper into this article to find out more!

How are data privacy laws changing regulations in 2023?

The GDPR has greatly influenced other data privacy laws, such as the CPRA and laws in many other states across the United States. As of January 1st, 2023, many new regulations will come into play under the Virginia Consumer Data Protection Act (VCDPA). Additionally, from July 1st, 2023, regulations will be set by the Colorado Privacy Act (ColoPA).

One of the key components of these new regulations is the requirement for data discovery. This means that companies will need to clearly understand what personal data they collect, where it is stored, and how it is used. This will be crucial in ensuring compliance with these laws and protecting individuals’ privacy.

Firstly, let’s talk about the CPRA. It covers businesses that buy, sell, or share the information of over 100,000 consumers and receive more than 50% of revenue from the personal information sold. As of January 1st, 2023, the CPRA will increase individual and opt-out rights, limit personal data retention, and protect employees’ and business contacts’ personal data at a higher level.

Secondly, we have the Colorado Privacy Act (CPA), which explicitly covers businesses that target Colorado residents and process the personal data of hundreds of thousands of consumers. Those who violate the CPA regulations will face fines of up to $2,000, which can add up all the way to half a million dollars!

Thirdly, there’s the Virginia Consumer Data Protection Act (VCDPA). Similarly, it covers businesses that process the personal information of more than 100,000 residents, 25,000 of them Virginia residents, and that derive more than 50% of revenue from personal information sales. Those who violate these laws will usually pay a fine of up to $7,500, plus attorney fees.

New privacy regulations that come into effect on January 1st, 2023 will include assessing the adequacy of the vendor’s security and privacy and providing for the return or deletion of data once the contract has ended. One way for online businesses to ensure compliance with these regulations and protect their customers’ personal data is by using contract management software. This type of software can automate the process of assessing vendor security and privacy, as well as facilitate the return or deletion of data once a contract has ended. It is important for online businesses to understand and comply with these regulations to avoid penalties and protect their customers’ personal data, and contract management software can help with both.


A new act that has been introduced is the SHIELD Act. It encourages data protection and targets online breaches. Following in those footsteps, many individual states throughout the USA will continue to expand data privacy laws.

New regulations for the PIPL

China is one country in the Asian region to get new privacy regulations. Like other privacy laws such as the CPRA and GDPR, the new Personal Information Protection Law (PIPL) sets higher restrictions for personal data collection. The law asks organizations to state a clear reason they need to use and handle personal data.

Getting ready for data privacy

Above all, your organization should assess which data privacy laws apply to your business and develop a plan. After that, the organization should look at the kind of data it collects and work out how it will manage it.

Overall, organizations should create a process for alerting individuals to how the company uses and stores their data, and provide appropriate methods for opting out. If you aren’t sure how to prepare for data privacy laws in 2023, you can always ask data advisors or counsel who can provide you with the governance plan and data management framework you need.

New contractual obligations under the US privacy law

It’s never a surprise to have separate contracts for separate jurisdictions. For instance, when you run targeted ads, you’re targeting customers nationwide rather than taking a state-by-state approach.

Updating your privacy requirements and data security will be a must for 2023 because you’ll need an excellent approach to navigate these differences and compliance requirements.

Getting the right contractual privity is challenging but not at all impossible. For instance, the CPRA requires you to have a contract whenever you send data to a third party and to describe the nature of the information being sold or shared.

Furthermore, to stay updated, always hire a data privacy specialist to inform you of the latest contractual obligations. If you lack the necessary time to deal with the latest updates, there’s always someone who can!

The summary of what will change in 2023

Data privacy laws are only getting stricter over the years, and they require you to stay compliant. It’s always best to stay updated or hire someone specializing in this area to save time and avoid hefty fines.

At the end of the day, it’s never a good idea to engage in data manipulation, and you should always inform customers about the type of data you are trying to collect. Better to stay compliant with data privacy regulators than to pay hefty fines.