We are not lawyers, and this is not legal advice. If you need current, accurate advice to base your decisions on, contact a lawyer who can provide that. Use of this information is entirely at your own risk.
Sygnal's perspective on how to best align our work with the GDPR and other privacy initiatives ( CCPA, CPRA, COPPA, HIPPA ... ) is continually evolving.
That said, here's my take on the impact of these changes, and how it affects my agency Sygnal and our clients.
We use the 4 project zones mentioned previously as a guide to our project planning. On top of that there may be industry-specific and market-specific requirements such as;
All of these together inform our strategy on each project.
Depending on the classification, these things are affected.
On the website itself;
On back-end systems such as databases, mailing lists, CRMs, and automation;
Our zone 4 project classification ( e.g. Germany ) is the most stringent, because it requires local hosting of all content, and local storage of all data.
We rarely accept client projects in this category, because the very laws that seek to keep and protect customer data within national borders make it unrealistic for us to build and support these systems from outside of those borders.