Comparing US state privacy laws and GDPR

The United States (US) state privacy laws bear some similarity to the European Union’s General Data Protection Regulation (EU GDPR), which came into effect in May 2018, and the United Kingdom’s General Data Protection Regulation (UK GDPR), which was retained as domestic law in the UK following Brexit (together, the “GDPR”). Both give rights to consumers over their data and define responsibilities. However, the nature of these rights varies, and the GDPR also imposes different obligations, such as the requirement to ensure that personal data is protected as it crosses borders, and requiring businesses to follow certain rules regarding notice to individuals and regulators when a data breach occurs.

Much of the work to prepare for the GDPR applies to the US state privacy laws, but complying with the GDPR doesn't mean that you comply with US state privacy laws.