those that fund research and development activities is subject to the political process, which is inherently fluid and unpredictable.
Disruptions at the FDA and other agencies may also slow the time necessary for new drugs to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. For example, over the last several years, including December 22, 2018 to January 25, 2019, the U.S. government has shut down several times and certain regulatory agencies, such as the FDA and the SEC, have had to furlough employees and stop critical activities. If a prolonged government shutdown or a series of shutdowns occurs, it could significantly affect the ability of the FDA to timely review and process our regulatory submissions, which could have a material adverse effect on our business. Further, future government shutdowns could impact our ability to gain access to the public markets and obtain necessary capital in order to properly capitalize and continue our operations.
We may be subject to, or may in the future become subject to, U.S. federal and state and foreign laws and regulations imposing obligations on how we collect, use, disclose, store, and process personal information. Our actual or perceived failure to comply with such obligations could result in liability or reputational harm and adversely affect our business. Ensuring compliance with such laws could also impair our efforts to maintain and expand our customer base, and thereby decrease our revenue.
In many activities, including the conduct of clinical trials, we are subject to laws and regulations governing data privacy and the protection of health-related and other personal information. These laws and regulations govern our processing of personal data, including the collection, access, use, analysis, modification, storage, transfer, security breach notification, destruction, and disposal of personal data. We must comply with laws and regulations associated with the international transfer of personal data based on the location in which the personal data originates and the location in which such data are processed. While we strive to comply with all applicable privacy and security laws and regulations, legal standards for privacy continue to evolve and any failure or perceived failure to comply may result in proceedings or actions against us by government entities or others, or could cause reputational harm, which could have a material adverse effect on our business.
The legislative and regulatory landscape for privacy and data security continues to evolve. For example, the EU General Data Protection Regulation, or GDPR, which was effective as of May 25, 2018, introduced new data protection requirements in the European Union relating to the consent of the individuals to whom the personal data relate, the information provided to the individuals, the documentation we must retain, the security and confidentiality of the personal data, data breach notification, and the use of third party processors in connection with the processing of personal data. The GDPR has increased our responsibility and potential liability in relation to personal data that we process, and we may be required to put in place additional mechanisms to ensure compliance with the GDPR. However, our ongoing efforts related to compliance with the GDPR may not be successful and could increase our cost of doing business. In addition, data protection authorities of the different EU member states may interpret the GDPR differently, and guidance on implementation and compliance practices are often updated or otherwise revised, which adds to the complexity of processing personal data in the European Union. It is also not yet clear how the United Kingdom’s withdrawal from the EU, or BREXIT, will affect the approval, distribution and marketing of medicinal products in the UK.
In the United States, California adopted the California Consumer Privacy Act of 2018, or CCPA, which became effective in January 2020. The CCPA has been characterized as the first “GDPR-like” privacy statute to be enacted in the United States because it mirrors a number of the key provisions of the EU GDPR. The CCPA establishes a new privacy framework for covered businesses by creating an expanded definition of personal information, establishing new data privacy rights for consumers in the State of California, imposing special rules on the collection of consumer data from minors, and creating a new and potentially severe statutory damages framework for violations of the CCPA and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches.
We and our collaborators are subject to extensive government regulations and we and our collaborators may not be able to obtain necessary regulatory approvals.
We and our collaborators may not receive the regulatory approvals necessary to commercialize our product candidates, which would cause our business to be severely harmed. Pharmaceutical product candidates, including those in development by us and our collaborators, are subject to extensive and rigorous government regulation. The FDA regulates, among other things, the development, testing, manufacture, safety, record-keeping, labeling, storage, approval, advertising, promotion, sale, and distribution of pharmaceutical products. If our potential products or our collaborators’ potential products are marketed outside of the United States, they will also be subject to extensive regulation by foreign governments. The regulatory review and approval process, which includes preclinical studies and clinical trials of each product candidate, is lengthy, complex, expensive and uncertain. Securing regulatory approval requires the submission of extensive preclinical and clinical data and supporting information to the authorities for each indication to establish the