Data Privacy Law, GDPR & CCPA Compliance Requirements with Robert Freund

Podcast: Play in new window | Download (Duration: 51:36 — 23.6MB) | Embed

Subscribe: Google Podcasts | Spotify | Email | RSS

If you’re marketing to various online audiences, you’ve probably heard the term GDPR by now.

But what is GDPR? 

What’s CCPA? 

And how do they impact you and your digital marketing team?

Digital compliance is something that often gets overlooked. But it shouldn’t.

Fines and penalties, while rare, could put you out of business if regulators decide to make an example out of you.

To help you understand your GDPR and CCPA compliance requirements, I got together with Robert Freund, an experienced advertising attorney. 

It’s his job to help you avoid business mishaps. And he shared some helpful insights about which data privacy laws apply to you, how to update your marketing, and when this all went into effect.

What is GDPR? 

The EU created GDPR to protect consumer privacy rights. 

It is intended to help consumers understand:

• What personal information businesses are collecting
• How their information is used
• How to opt out of data collection

If you have your website, to be compliant, you may need to update your privacy policy. And if you have a separate social media policy, you may need to update that too.

“It’s about updating your privacy policy…putting information about how you are using data and what you are collecting in front of the consumer,” said Robert.

This includes creating a cookie pop-up to let consumers opt out of data collection if they choose.  Google ended cookie support recently.

But, why does this matter to US companies? 

If you are a US business with EU customers — or it’s even remotely possible that someone from Europe may find their way to your website — you should follow GDPR rules regarding data privacy and disclosure.

“Even if you aren’t physically in Europe, the way the rule is written still applies to you,” said Robert. 

What is CCPA?

The California Consumer Privacy Act is California’s version of the GDPR, enacted on January 1st, 2020. 

You will be subject to the CCPA if you collect data from California residents and:

Exceed $25 million in gross annual revenue…

OR

…obtain personal information from 50,000 or more California residents per year…

OR 

…50% or more of your annual revenue comes from selling the personal information of California residents. 

“If you’re a small business not located in California, you still have to figure out if California residents are visiting your website,” Robert clarified.

If so, you are subject to the law and should do everything you can to meet CCPA compliance requirements.

Complying with CCPA Privacy Laws

Remember, you should consult a professional attorney in your jurisdiction to ensure you are doing the following things correctly. This is not legal advice. But getting compliant may include these steps:

1. Updating your privacy policy
2. Updating your website policy
3. Auditing what data you are collecting (and how)
4. Having a plan in case of a data breach
5. Giving consumers a very clear opt-out option
6. Having disclosure guidelines in your social media agreements

“If somebody connected or employed by your brand is going to be talking about it online, you have to make that kind of disclosure, and it’s just good policy to ensure that everyone does that all the time,” said Robert.

The grace period for meeting CCPA compliance requirements ended in July 2020. So if you’re making more than $25M annual, you’ve got work to do.

It’s time to review and revise your website’s privacy policy. 

Compliance is a moving target. My client, Poster Compliance Center, sells workplace compliance posters that employers legally must display.

One of their offerings is an annual subscription, which ensures you’ll always have the most current posters to display.

That’s how frequently city, state, and federal rules and regs change. You need to subscribe to a compliance poster provider to stay current. GDPR and CCPA are two of the latest regulations to come into effect. And they’re both consumer privacy regulations, developed partly in response to the Cambridge Analytica fiasco. 

Or contact me if you need help navigating CCPA compliance requirements or connecting with a reasonable attorney who understands digital media compliance.

For more important news and updates, subscribe to the B2B Lead Gen Podcast, where we share helpful digital marketing insights and effective tactics from industry experts.