• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Search
Close

Search

Recommended Reads

Velocitize Talks: Boyd Roberts of Big Picture Group on Branding, Websites & Open Source

3 Ways to Reduce Shopping Cart Abandonment

Happy Anniversary to WordPress! 20 Years & Going Strong

How to Design a High-Converting FAQ Page (5 Tips)

Velocitize

Your fuel for digital success

A publication by 

Your fuel for digital success

  • Featured
  • Marketing
  • Talks
  • Trends
  • Digital
  • Agency
  • WordPress Hosting
Follow

GDPR and CCPA: The Precursors to More Data Regulation

Lionel MenchacaSeptember 3, 2019

Share

A growing number of marketers today see data as a product. Companies that use it effectively maintain a sustainable advantage over competitors. For years, we as users willingly share some of our personal data in exchange for goods and services. These days, however, with the ever-increasing tension between data and customer privacy, more customers are becoming better informed (or at least more curious) about how their personal data is collected and used. All of this impacts how we as marketers will reach them in the future.

With the General Data Protection Regulation (GDPR), Europe has taken the lead on protecting users’ data privacy. In contrast, the U.S. has only enacted a patchwork of specific laws to protect consumer data. One thing’s clear: broader regulation will come. As it does, marketers need to focus on data compliance in addition to thinking through how to reach those audiences.

Saving Private Data

Years in the making, the GDPR represents the first broad legislative attempt at protecting user privacy in May 2018. Those of you who work at multinational companies, or for companies that do business in European Union countries, have probably spent time and resources working toward GDPR compliance. We’re starting to see GDPR fines levied against companies like Google, Marriott and British Airways. For those who want to keep a closer look, here’s a site that maintains a running list of GDPR-related fines.

But what if you’re a marketer for a small business or even a larger company that only does business in the U.S.? Why should any of this matter? Because here in the U.S., even though we don’t have broad legislation in place like GDPR, the FTC recently fined Facebook $5 billion for privacy violations related to its involvement with Cambridge Analytica—the largest fine ever for the federal agency.

There’s also activity at the state level. Vermont recently enacted a law requiring data brokers (companies who license or sell Vermont resident customer data to third parties) to register officially. Beyond registering, the law also requires these companies to clarify whether consumers can opt out of data collections, whether it lets consumers restrict who can buy their data, and whether they’ve had any data breaches in the past year.

What can marketers do to prepare for increased regulation?

Understand your organization’s GDPR and CCPA compliance status

Both the GDPR and CCPA require companies to provide clarity on how it collects, stores, shares and uses data. It also required companies to provide clarity on what opting in for marketing materials entails, and that starts with getting user consent. Even if GDPR doesn’t directly impact your current marketing efforts, the California Consumer Privacy Act (CCPA), probably will. That’s why understanding how your company accesses first-party (data your company collects directly from a customer), second-party (customer data from social media sites, for example), or third-party data (from sources that don’t have a direct relationship with customers, like data brokers) will serve you well.

Dedicate time to consolidate data repositories

Once you have a better grasp of the scope of the aggregate customer data, it’s time to think about a Customer Data Platform. It allows collection of anonymous visitor data and can be used to augment Customer Relationship Management (CRM) data about known and potential customers.

Emphasize first-party data over third-party data

Increased regulation means marketers will need to do more with less data. I agree with Decoded Founder and CEO Matt Rednor here. Even before regulations like GDPR take effect here in the U.S., this is the time to spend cycles re-architecting and perfecting how your company collects, stores and uses first- and second-party data. Whatever form increased regulation takes, it’s time to prepare for compliance. Facebook’s already changing itself. More social networks and other companies are making changes for compliance as well. 

How’s your company preparing for GDPR and CCPA? Here are some resources to consider:

  • The European Commission’s official GDPR site: This site offers the most comprehensive overview of GDPR and related information such as a list of data protection authorities by country and a data protection infographic.
  • IBM’s GDPR Framework page: This is a good resource for corporate enterprises that still have more GDPR compliance work to do. Their structured, five-phase self-assessment can give you a sense of where you are. The IBM Data Responsibility and the GDPR video provides an excellent overview.
  • Gartner’s Are You Ready for GDPR?: Good resource for large enterprises working to go beyond compliance in preparation for regulation that’s coming to the U.S.
  • HubSpot’s GDPR Compliance page: This has lots of general information about GDPR. I really like the Important Components of the GDPR section at the bottom of the page. Also, if you’re just starting to dig into GDPR, start with their GDPR Glossary.
  • Fast Company’s list of data brokers: Besides providing a pretty extensive list of data brokers that buy and sell your personal data, it includes details on various ways to opt out or how to file a complaint with the FTC.
  • Vermont’s Act 171: This is a state law aimed at making data brokers more transparent.
  • CCPA: This is the bill that was passed last year slated to go into effect on January 1, 2020.

Photo by Glen Carrie on Unsplash

ccpa data gdpr marketing privacy security

Lionel Menchaca

Lionel Menchaca is a veteran tech industry digital strategist and freelance writer based in Austin, Texas. He previously worked as W2O Group’s Director of Corporate and Strategy and served as Dell’s chief blogger for seven years before that.

Twitter

Join the conversation

Reader Interactions

  1. Shah Kashish kalpesh on

    October 15, 2019 at 1:28 am

    Change the address in elections card

    Reply
  2. Aaron Werner on

    November 1, 2019 at 3:13 pm

    I wonder if data cleansing tools can highlight pci or pii in order to remove or redact the information? I have found a number of tools ( https://www.bisok.com/data-science-workbench/data-cleansing-tools/ is one) that look like they could do the job. Wonder what the experts are using.

    Reply
    • Lionel Menchaca on

      November 4, 2019 at 8:20 pm

      Good point Aaron. Think we’ll see more dara cleansing tools like Grooper as more companies focus on GDPR compliance and more regulation starts to happen in the United States. IBM Datacap and AWS Textract from Amazon are two other examples of services that help automate at least some of the cleansing process. Thanks for taking the time to comment!

      Reply

Leave a ReplyCancel reply

Primary Sidebar

Liked this article? Share it!

Featured Posts

  • Velocitize Talks: James Bavington of StrategiQ on WordPress, ...

    Eileen Smith

    March 29, 2024

  • 3 Best Link in Bio Tools for Instagram

    John Hughes

    March 27, 2024

Recent Posts

  • Velocitize Talks: James Bavington of StrategiQ on WordPress, WooCommerce & WP Engine
  • 7 E-Commerce Metrics to Track
  • 3 Best Link in Bio Tools for Instagram
  • How Real Brands Are Using AI Tools in 2024
  • Can You Use Custom ChatGPTs to Improve Your Website?

Recent Comments

  • John on How to Find Your Highest-Spending Customers (2 Methods)
  • JimmyniP on Registration Now Open for DE{CODE} 2024!
  • Digivider on How to Run a Successful Facebook Ad Campaign (In 3 Easy Steps)
  • Searchie Inc on 5 Best AI Content Generators for WordPress Site
  • Sophia Brown on Why You Should Add a Blog to Your Online Store

Categories

  • Agency
  • Analytics
  • Campaigns
  • Content Marketing
  • Digital
  • E-commerce
  • Events
  • Featured
  • Influencer Marketing
  • Insights
  • Interview
  • Marketing
  • Podcasts
  • Recommended Reads
  • Reports
  • SEO & SEM
  • Social Media Marketing
  • Spotlight
  • Statistics
  • Technology
  • Trends
  • Uncategorized
  • Website

Footer

A WP Engine publication

Categories

  • Featured
  • Marketing
  • Talks
  • Trends
  • Digital
  • Agency
  • WordPress Hosting

Pages

  • About Velocitize
  • Sponsored Content
  • Contact
  • Privacy Policy

Follow

© 2016-2025 WPEngine, Inc. All Rights Reserved.
WP ENGINE®, TORQUE®, EVERCACHE®, and the cog logo service marks are owned by WPEngine, Inc.

1WP Engine is a proud member and supporter of the community of WordPress® users. The WordPress® trademarks are the intellectual property of the WordPress Foundation, and the Woo® and WooCommerce® trademarks are the intellectual property of WooCommerce, Inc. Uses of the WordPress®, Woo®, and WooCommerce® names in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation or WooCommerce, Inc. WP Engine is not endorsed or owned by, or affiliated with, the WordPress Foundation or WooCommerce, Inc.