New rules for how businesses must receive, process, and respond to data subject rights requests are emerging at rapid rates. While some businesses already have rights response processes in place pursuant to existing data protection regulations, others will need to satisfy these obligations for the first time as more jurisdictions impose these requirements. Where processes are already in place, businesses need to be aware of emerging nuances that affect their compliance posture.

In this session, we will:

  • Review data subject rights obligations under existing legal regimes (e.g., GDPR and CCPA).
  • Outline key data subject rights obligations under emerging laws—such as California’s CPRA and Virginia’s CDPA, which both enter into force on January 1, 2023.
  • Explore additional proposed data protection regulations that may soon become law (e.g., in Florida, Illinois, New York, Oklahoma, and Washington).
  • Brainstorm practical solutions to building enduring data subject rights programs as obligations continue to evolve.