The California Consumer Privacy Act of 2018 (CCPA) goes into effect on January 1, 2020. If you’re not ready, you’re not alone. Thirty percent of organizations expect to be only partially compliant by the deadline.
Right about now you most likely have two questions: does my organization even have to comply with the requirements and, if so, what can I do — quickly — to get there?
Does my organization have to comply with the CCPA requirements?
Any business, regardless of physical location, that collects or markets personal data on California residents is subject to this law. Drilling down further, any organization that meets one or more of the criteria below must comply with the CCPA:
- Generate over $25 million per year in gross annual revenue
- Sell 50,000 or more customer records
- Derive at least 50 percent of their annual revenue from consumer personal information
With that said, there are many reasons to embrace the requirements, regardless of whether you meet these criteria or not.
The CCPA, while less stringent than GDPR, is similarly designed to ensure consumers in the U.S. have more control of their personal data. And as Europe’s General Data Protection Regulation (GDPR) has already proven out, there are very real benefits to respecting your customers’ privacy and preferences, including greater customer trust and revenue growth. In fact, more than 90 percent of GDPR-compliant organizations say they’ve actually gained a competitive advantage, according to a Capgemini Research Institute report.
Need a quick refresher?
Below is a summary of the four main categories of the act’s tenets:
It’s almost January 1 — what can I do?
First, take a deep breath. Fewer than 30 percent of companies claim to be fully GDPR-compliant, and their deadline was over a year ago. The most important thing is to get started, prioritize your efforts, and come up with a plan.
Below are some common considerations to help you get started:
- Identify your stakeholders
  A project sponsor and key stakeholders from Legal, IT, Website Development, and Marketing Operations are typically involved.
- Evaluate your risk potential
  - Are you a consumer-focused organization?
  - If you are B2B, do you disclose or sell consumer data to any third parties?
  - Can consumers easily request information about how their data is used?
- Prioritize your timeline based on the following (including but not limited to):
  - Legal requirements
  - Highly visible requirements
  - Data processing requirements
- Consider your market
  Would all of your consumers, not just in California, appreciate equal data protection? You may want to implement the same privacy standards across all states, versus a one-off approach for only California residents.
Not sure where to begin?
DemandGen can help. Contact your Client Engagement Manager or visit our website for more information. No matter where you are today, the time to act is now.
Disclaimer: The information presented here is not intended as legal advice or comprehensive guidance for your company to use in complying with data privacy directives or laws such as the CCPA or GDPR.
Any final decisions or arbitration must be approved by your Legal or Data Privacy team.
As a Client Engagement Manager, Linnea Alvord helps DemandGen clients meet their strategic objectives through the use of marketing technology and services. Linnea’s passion for client success has been honed over 20+ years in technology consulting and marketing. She believes that marketing and sales alignment is possible and wants to help all of her clients become marketing superheroes.