On the heels of #DeleteFacebook and the Cambridge Analytica scandal, Internet and social media users are demanding companies that collect and store personal information prioritize data privacy. Meanwhile, in the EU, major privacy legislation, called General Data Protection Regulation (GDPR), is set to take effect in May. Smart companies have no choice but to take action to protect user data, especially if they want to remain competitive globally, according to one workplace authority.

“Data privacy has been a major concern for consumers for years, but with the recent revelations that companies and even adversarial governments can access and utilize user data for nefarious purposes, consumers have had enough. It’s no surprise that users are demanding to take back control of their data from corporations who have profited from its collection,” said Andrew Challenger, Vice President of global outplacement and executive coaching firm Challenger, Gray & Christmas, Inc.

“GDPR forces companies to be transparent about what data is being collected and how it is shared, giving users more control. Under this regulation, companies can no longer collect, store, or share your data without your consent. Even companies that do not need to comply with this legislation should use it as a guide, as more and more consumers are demanding action,” added Challenger.

“Companies able to market that they are GDPR compliant or have strenuous data protections could win big right now,” he said.

Recently, many companies, including Venmo, Microsoft, Facebook, and Google, have sent users updates to their privacy policies, some in response to the undercurrent of mistrust of these tech giants. This is not necessarily a bad thing for companies, especially those who can promote their data protection abilities. According to a survey conducted by AnchorFree, 95 percent of Americans are concerned about what companies may be doing with their data without permission. Greater than half are looking for ways to secure their information, as more and more Americans utilize e-commerce and social media sites.

Taking steps to secure users’ personal data could also save money in the long run. According to the Ponemon Institute, the average cost of a security breach to a company in 2015 was $3.79 million. This is up from $3.52 million in 2014. These costs include government penalties, the costs of compliance and notification, and credit monitoring for victims.

In the U.S., data privacy laws vary from jurisdiction to jurisdiction. Under the Obama administration, it seemed as though the federal government was going to protect data using the FCC’s Broadband Privacy Rules, which would make it more inconvenient for companies to distribute user information. However, last April, the Trump administration shut down these regulations before they were even rolled out to the public.

“Federal law protects health, financial, child, and student data. However, many states do not have basic privacy protection, such as a breach notification statute that would force companies to alert customers when their data has been compromised. In other cases, some states have more far-reaching laws than the federal government, such as California, which leads the way in data privacy regulation,” said Challenger.

Until comprehensive federal laws are set in place in the U.S., businesses have to keep track and abide by several state and local regulations on the collection and distribution of personal data.

For instance, the Illinois senate approved the “Right to Know Act,” which, if put into law, would help to secure user data by requiring companies of a certain size to list the data being collected as well as information about third parties who are purchasing that data. Specifically, companies with more than ten employees that share data, not necessarily sell it, would fall under this legislation.

Meanwhile, the California Consumer Privacy Act, if passed, gives Californians the right to know what is being collected and the control to stop data from being sold, and would also require companies to keep data safe.

“Consumers want to know that the companies with which they do business care about them and generally do not want to do harm. One way to prove this is to safeguard the personal information shared with businesses in these transactions,” said Challenger.