GDPR came into effect in June 2018 and has recently celebrated its second anniversary. CCPA, however, becomes enforceable this month, after much protest from businesses and the advertising community. So, if you haven’t gotten around to acing the regulations yet, this could help you get on track. We asked data privacy experts to share their tips on complying with CCPA and GDPR, along with how the landscape has evolved this past year amid the COVID-19 pandemic.
The General Data Protection Regulation (GDPR) and California Consumer Privacy Act of 2018 (CCPA) have been a challenge for marketers and, given the current pandemic situation, have added to their stress and confusion. As we cross the GDPR’s second anniversary and CCPA becomes enforceable, “we are seeing a clear objective in the industry to harmonize the protection of data privacy and the process of data collection. The pandemic has demonstrated the need for data regulations on a global scale, which would see the entire industry following the same guidelines to protect consumer privacy while also allowing relevant information to be circulated for the greater good,” said Filippo Gramigna, strategic advisor, Audiencerate.
There has also been a substantial change in the perception of privacy. As Adam Robinson, founder and CEO, GetEmails, puts it, “Americans that were previously obsessing over a ‘nation-wide CCPA’ to protect personally identifiable information are now in favor of employers using contact tracing apps so that they can get back to work.”
For matters of importance, consumers are more receptive and open to sharing more information, which has put a greater focus on transparency during the pandemic. Nickolas Rekeda, CMO at MGID, said, “The rise of Covid-19 has put the spotlight firmly on the transparency of personal data usage, particularly in regards to public health, where sharing information is critical. The next step in the evolution of privacy will rely on publishers to make the most out of their first-party data – sorting audiences into groups by demographic, interests, and habits – to make it easier for advertisers to align target audiences with custom segments.”
There is also now a better understanding of the difference between data security and data privacy. Amy Yeung, general counsel and chief privacy officer, Lotame, opines, “With much of the nation’s workforce remote, our businesses now face reliance on home networks, videoconferencing, and alternate workplaces. There’s greater stress on companies that were already struggling to update and implement measures pre-COVID.”
While the pandemic has brought multiple challenges to the surface, privacy and data security are still essential, and even more so with teams working remotely on home networks. There is a need for transparency, a change in mindset, standardized guidelines for all to follow, and a need to identify and fix the gaps that could lose customers at such a crucial time. Marketers also need to be mindful of how they target customers going forward; let’s see how that can be done.
6 Tips to Comply With Consumer Privacy Regulations Going Forward
1. Understand the regulations and be future-ready
Adam Robinson, founder and CEO, GetEmails
All marketers need to know EXACTLY what new legislation says they can and cannot do. Right now, CCPA is on the forefront, but you need to understand, on a deep level, how it differs from prior legislation (CCPA vs. GDPR, for example), and how your organization is going to handle it.
I have conversations daily with marketers at established institutions who do not understand the idea that CCPA has nothing to do with explicit consent for data collection, as GDPR does. What’s that mean in plain English? Under CCPA, you can still send Email Marketing without an opt-in, so long as it’s opt-out, and you meet the other CCPA guidelines for California citizens. Know your legislation and how your organization is treating present and coming legislation.
Complying comes down to your staff understanding the legislation, making privacy policy changes, and putting systems in place to handle as much as possible in an automated fashion. In some cases, I do believe it’s easier to adopt the strictest standard across the board (CCPA for all of the U.S., or GDPR worldwide). Going with the most strict standard worldwide may also give you the advantage of not having to make any large-scale changes as legislation continues to pass in the USA, irrespective of what it ends up being.
2. Align regulations with processes and communications
Amy Yeung, general counsel and chief privacy officer, Lotame
While we would expect all business leaders to be hyper aware of brand alignment in this moment, it’s important for your communication and processes to work together, and to be aware that a misstep in data privacy or data security considerations can cause significant harm.
3. Enable automation while creating a customer-centric culture
Alex Timlin, SVP verticals at Emarsys
Marketing teams have a lot of tools and technologies that allow them to action the wealth of data at their fingertips while adhering to GDPR and data privacy regulations. But despite the advances in technology and automation, human interventions in data are still common. Marketers need to look at this as an opportunity to be more automated, data-driven, and connected in how they look at their tools and processes.
Within marketing, I firmly believe that compliance presents an opportunity to achieve true “customer centricity”. Sales teams, service teams, CRM teams, and marketing teams are the ones closest to customers and have the opportunity to “humanize” the data. Rather than creating a culture of just compliance and commercial and legal accountability, use the opportunity of compliance to create a customer-centric culture that better delivers the outcomes your business demands with the amazing experiences your customers deserve. Listen to customer feedback, reflect the feedback to your teams and business functions and make sure your business is in tune with your customers from the top down.
4. Identify intent in new ways
Nickolas Rekeda, CMO at MGID
Marketers who are dependent on processing personal data to engage with their customers in remarketing techniques will no longer be able to trace a user and offer goods based on their previous views. Instead, today’s marketers should gain a better understanding of the content that individuals choose to consume to gain a better indication of their interests, and begin testing alternative approaches such as contextual targeting, to engage with their target audience.
5. Carefully analyze and select data sellers
Filippo Gramigna, strategic advisor, Audiencerate
To find the right balance between consumer privacy and effective, targeted campaigns, marketers must educate themselves on new regulations, carefully evaluate the source of their data sellers, the quality of their data collection, and the compliance process. A good way to do this is to regularly keep updated with IAB’s guidelines in Europe and NAI in the U.S. If the data provider is a member of either of these organizations, it means they have undergone a stringent vetting process to ensure they are providers of the highest quality.
6. Value privacy in exchange for customer experience and trust
Ian Lowe, VP marketing, Crownpeak
We need to ensure that we don’t get distracted from our obligation to adhere to privacy regulations, and continue to respect customers’ continually increasing expectations for how their personal data is treated. Our advice is to only collect the data that meaningfully impacts the relationship with your customer; use that data for the benefit of the customer’s experience and ensure that your privacy consent notices and data collection are consistent with your brand.
To go beyond compliance and engage consumer trust, businesses need to be doing the right thing in the right places – policy, law, and tech; which includes having the tools to understand all parts of the data flow, including on the live-side of your sites. Today, positive user experience leads to trust, and customer trust is just as valuable as data. Organizations now have the opportunity to take a proactive approach to managing privacy experience. As new policies, industry challenges and customer expectations emerge, it is a matter of adapting to the new normal – and privacy should be core to this.
To sum up
Marketers now need not only to work more efficiently with technology and automation but also to prove to customers that they genuinely care. That’s why it’s essential first to:
- Understand exactly what the regulation means and expects.
- Follow the protocols of every significant regulation to ensure your brand has all the right practices in place.
- Stay compliant and out of legal hot water while keeping up customer trust, a powerful resource to have these days.
- Align it with all required processes and brand communications for a better and more consistent customer experience.
When looking to progress toward compliance, it is wise to adopt a customer-centric culture starting with your customer-facing teams, who can humanize the data and build relationships from the ground up. Finally, to ensure you’re buying quality, regulated data, follow guidelines and find the right data sources.