The current compliance landscape in data privacy goes beyond just privacy policies. The influx of wide-reaching data privacy regulations like the EU's GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) expands the definitions of data processing and personal data (beyond traditional PII) and joins a plethora of existing data privacy regulations worldwide. These include Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Australia's Privacy Act, as well as industry-specific rules like HIPAA, GLBA, and FERPA. Organizations are required to comply with increasingly restrictive data protection rules that contain prescriptive requirements around lawful use of personal data, response to data subject requests for information, assurance of data security (especially around sensitive personal information), and timely reporting of data breaches to regulators and data subjects. CIOs (Chief Information Officers), CISOs (Chief Information Security Officers), and DPOs (Data Protection Officers) must leverage risk-based approaches to data protection and build measurable data privacy programs that can help their organizations remain compliant and avoid negative impacts to their reputations and hefty regulatory fines.