As the world is becoming more digital and entwined together, the cybersecurity threat landscape has no doubt become a daunting one. For example, typical threat variants of the past, especially those of phishing, have now become much more sophisticated and covert in nature. A lot of this has been brought on by the proliferation of ransomware, which exploded during the COVID-19 pandemic. Now, there is another concern that is looming on the horizon: data privacy. Now, more than ever, consumers on a global basis want to know exactly what is happening to their personal identifiable information (PII) datasets. Examples of what they want to know about include the following:

• What kinds and types of information and data are being collected about them
• How those PII datasets are being stored, processed, and transacted with
• How their PII datasets are being used by third-party suppliers

In response to these concerns and fears, as well as the cyber risks posed by these datasets, many nations around the world have set up rather extensive and very detailed data privacy laws. In their respective tenets and provisions, these pieces of legislation not only specify why and how businesses need to comply with them, but also outline the rights that are afforded to each and every consumer. In this book, we detail the tenets and provisions of three key data privacy laws:

• The GDPR
• The CCPA
• The CMMC

We also provide a general framework at the end on how a business can comply with these various data privacy laws.

The book begins with an in-depth overview of the importance of data and datasets, and how they are so relevant to the data privacy laws just mentioned.