Data protection laws govern how personal data is collected, processed and stored.

In the EU, the General Data Protection Regulation (GDPR) requires organizations to obtain consent, limit processing to legitimate purposes, and provide individuals with rights to access, rectify and delete their data.

In the U.S., the California Consumer Privacy Act (CCPA) grants similar rights to Californians.

Additional laws like HIPAA (healthcare), GLBA (financial services) and upcoming state‑level AI regulations may apply depending on the sector. Embedded analytics must ensure that personal data isn’t exposed through queries or visualizations and that consent mechanisms are in place.

Deloitte’s Connected Consumer survey notes that 48 % of consumers experienced a security breach in the prior year and 85 % are taking steps to protect themselves, underscoring the importance of robust privacy practices.