The world seems to be unanimously putting an end to the era of deregulated data collection and sale of consumers’ personal data. The European Union passed the General Data Protection Regulation (GDPR) and now in the United States, the California Consumer Protection Act (CCPA) has come into effect. These two laws are super influential because they give consumers significant power back over their private and personal data, and they are also forcing large data-collecting companies to change their business models and be more transparent about data usage. According to eSellerCafe, over 56% of California-based companies are not prepared or CCPA compliant based on their current business model. The CCPA can be tricky and complicated, especially if you are unfamiliar with the data-collecting world and its regulations, but making sure your company is CCPA compliant should be the number one priority.
Super Brief Summary of the CCPA: A business must be able to provide its customers with the data collected from them and the purpose of its collection, upon consumer request. Consumers should also be given access to their personal data, allowed to request the deletion of their data, and have the ability to opt out of the sale of their personal data. Non-compliance with the CCPA can result in a $2,500 fine per record for each unintentional violation and a $7,500 fine per record for each intentional violation. For example, a company that mismanages 1,000 consumer privacy requests could be subjected to a fine ranging from $2,500,000 to $7,500,000.
Common Misconceptions about CCPA:
- Marketers can wait to see how strictly CCPA regulations will be enforced before adjusting their business models. This is a bad idea because while the initial enforcement for the first couple of months may be lenient, with time it will only increase. The CCPA is not going away, nor are the new rights for consumers’ data privacy. Waiting to see how strictly these new regulations are enforced can result in your company facing many of the fines previously mentioned.
- Companies that are GDPR compliant don’t need to worry about the CCPA. Other than the obvious difference of GDPR relating only to Europeans and CCPA dealing with Californians, there are many differences in the fine print of the two. Any company that is GDPR compliant will be in a much better position to become CCPA compliant, but the two are not one and the same. The CCPA focuses more on for-profit businesses, making it a bigger issue to deal with than GDPR in the digital marketing industry.
- CCPA will not apply to my business. CCPA applies to companies with annual gross revenues of $25 million or more, those that buy or sell more than 50,000 individuals’ data, and companies that make more than half of their annual revenues from selling customer data. Also, if your company collects or stores any data from a current California resident, you must make sure you are CCPA compliant. This means almost any online business with advertising, analytics or site-tracking must adhere to CCPA.
With Alistair Mactaggart proposing a new ballot, or CCPA 2.0, in November, it is clear that consumer privacy and the protection of consumers’ personal data is a trend that will not be going away anytime soon. Companies that delay or procrastinate on becoming CCPA compliant will regret not having prepared themselves beforehand. Using similar strategies to GDPR compliant companies can help, but the best strategy is to hire an employee to be in charge of CCPA compliance. Having an employee specifically in charge of CCPA compliance will help eliminate confusion and complications, and make sure your company is not at risk of being fined.