and since then it's generated a lot of buzz around the world.

Everyone from Facebook CEO Mark Zuckerberg to lawmakers on Capitol Hill

seem to be asking the question: Can GDPR go global?

GDPR stands for the General Data Protection Regulation.

It's a landmark privacy law that went into effect last May across the European Union.

One of its main goals?

To give consumers more control over their personal information

like the right to access or delete their data.

For tech giants like Facebook and Google, GDPR has meant getting deliberate consent

from users before collecting their personal data and notifying authorities of data breaches within 72 hours.

Politicians, policymakers and business leaders have been closely watching GDPR's rollout

to see if it can act as a blueprint for other privacy legislation around the world

and so far it has a few notable supporters.

We should celebrate the transformative work of the European institutions

tasked with the successful implementation of the GDPR.

So what would it take to implement GDPR in other parts of the globe?

We visited the capital of the world's biggest economy to find out.

Our first stop is BSA, a lobbying group that represents companies like Apple and Microsoft.

GDPR was a really important step particularly in terms of harmonizing privacy law across Europe.

I think in the United States what we would like to do is take that strong level of protection

that is in GDPR and then adapt it to the U.S. legal system.

A global consensus on privacy is probably a few years off, that's a goal to grow towards.

But that's where we want to end up.

What are some of the steps necessary to make that happen?

So, one step is getting federal privacy legislation passed here in the United States.

I think that will be an enormously important step forward.

But we, as an organisation, BSA, are working with governments of

India, the government of Japan, the government of South Korea, the government of Brazil,

we're working with governments around the world.

Lawmakers on both sides of the aisle in the U.S. have come out in support of a federal privacy law,

but they're divided on exactly what it should look like.

One big sticking point is whether a federal law would override individual states' stricter privacy rules.

California, for example, passed a privacy law similar to GDPR that will go into effect in 2020.

California's law passed quickly in part because of backlash from the Cambridge Analytica Scandal

which revealed Facebook had improperly shared the personal information of up to 87 million of its users.

Recent data breaches have brought privacy legislation to the top of the agenda in many countries

but there's also a sense Europe's law isn't the perfect solution.

Why not?

Well, the data protection authorities who enforce the rules are often short on resources,

meaning it can be tough to keep up.

Some companies have struggled to meet the requirements like hiring data protection officers.

And for users, well the rules can be so complex, they're just too hard to understand.

Denise Zheng is vice president of technology and innovation policy at Business Roundtable.

GDPR on the compliance side is really quite burdensome.

There is a lot of disclosure requirement.

When you go to a website, for example, you have to click on all these agreements, on these banners.

The user experience is hurt by some of these really burdensome disclosure requirements.

In a recent survey, Business Roundtable found 80 percent of member CEOs

say it's important for Congress to pass a privacy law like GDPR.

I know that we don't exactly have the strongest reputation on privacy right now to put it lightly,

but I'm committed to doing this well.

Companies that breach GDPR can face serious fines of up to €20 million

or 4% of global annual revenues, whichever is bigger.

For Facebook that could mean more than a billion dollars.

And while big tech companies can stomach fines and legal fees, that's less the case for small business.

Finding consensus among different key industry groups,

from retailers to tech companies, to online platforms, to internet service providers and health care firms,

all of these companies leverage personal information,

finding some way to achieve agreement across them is what gets us to the finish line.

So far, regulators here in Europe haven't imposed any massive fines under GDPR.

But that's not to say they won't.

Facebook for example is facing several ongoing investigations.

Even though the company isn't headquartered here, the law applies to any firm with business in the EU.

The international presence of many companies is one reason why some CEOs

say it would be easier to make GDPR a global privacy law.

Hey everyone it's Elizabeth. Thanks so much for watching.

Do you think there should be stricter privacy laws? Let us know in the comments section.

And be sure to check out our other videos and subscribe to our channel.

See you later!