The SaaS Law ClinicNicole G, Esq.
✦ A privacy primer

Navigating Privacy:
GDPR & Beyond.

A plain-English overview of modern privacy law: GDPR, CCPA/CPRA, US state laws, and the operational discipline behind a working privacy program for SaaS, AI, and data-driven companies.

$550
One-time · lifetime access
Or book a call
Privacy Fundamentals primer: GDPR, CCPA/CPRA, US state privacy laws, PIPEDA, LGPD
01 · The fundamentals

Six pillars of modern privacy practice.

01

GDPR

Lawful bases, controller vs. processor, data subject rights, the operational mechanics. The framework most modern privacy laws still anchor to.

02

Article 28 & DPAs

Sub-processor obligations turned the DPA from a one-time negotiation into an ongoing program obligation.

03

Cross-border transfers

SCCs, the UK addendum, transfer impact assessments: what changed after Schrems II and how to operate.

04

CCPA / CPRA

California's privacy laws, the CPRA enforcement layer, and how California shaped the US patchwork.

05

US state privacy laws

Virginia, Colorado, Connecticut, Utah, Texas: the rapidly expanding multi-state privacy compliance map.

06

Operational discipline

Records of Processing, sub-processor lists, breach response: the operational backbone behind every defensible privacy program.

02 · Why this matters now

Privacy went operational. So did the practice.

For a decade, privacy law was something you papered on top of an existing contract. GDPR Article 28 changed that. Sub-processor obligations made the DPA an ongoing program, not a one-time negotiation. Schrems II made transfers operational. The US state privacy patchwork made multi-state compliance the default, not the exception.

The privacy person on a modern tech-law team isn’t writing a clause. They’re running a sub-processor list, a TIA file, a vendor review cadence, and a breach response playbook that survives a regulator visit. The contract is the artifact; the program is the work.

That’s the operational practice we teach inside the corporate training program: not an academic survey.

03 · Where to go from here

Three steps to a working privacy practice.

01

Read this orientation

Get the lay of the land. The vocabulary, the frameworks, the operational shape of a working privacy program.

02

Take the 30-Day Challenge

30 daily lessons including 7 specifically on privacy: GDPR, Article 28, transfers, US states, breach response.

03

Bring it in-house

License the corporate training program for your in-house counsel, contracts, procurement, and product teams.

Ready to bring privacy in-house?

License the corporate training program for your in-house counsel, contracts, and privacy team: or start with a 15-minute discovery call.

Book a call