Recently, companies have been in the spotlight for the legal consequences they have faced when navigating around privacy issues and laws — Google has already been fined for its violation of the European Union's General Data Protection Regulation (GDPR). For many organizations, how privacy laws will impact cyber insurance policies and cybersecurity risk mitigation remains unclear. Whether you're for or against a national privacy law in the U.S., it's hard to argue that whoever gets stuck piecing the law together doesn't have their work cut for them. As more jurisdictions around the globe attempt to protect privacy rights, it's become apparent that balancing those desires against public safety and national security isn't available in a one-size-fits-all package. Those sentiments may hold doubly true in the U.S., which has the burden of playing catch up to both the GDPR and state laws such as the California Consumer Privacy Act (CCPA). If the U.S. does take a stab at carving out its own federal privacy niche, here are a few questions it will more than likely have to answer along the way. Related: 

• 4 steps to keeping data safe in the cloud
• Privacy experts: Expect larger GDPR fines
• U.S. companies repeating data privacy compliance mistakes, study shows