During the lead up to the introduction of the General Data Protection Regulations (GDPR), customer data, privacy and consent for marketing became the obsession for pretty much every business across Europe. And now "GDPR mania" is set to come to the US, with the announcement that California is due to implement its own similar regulations known as the California Consumer Privacy Act (CCPA).
Due to come into effect on January 1st 2020, this new set of regulations is considered by some to be the most robust privacy protection measure ever seen in the United States.
In parallel, according to leading analyst firm Gartner, between 5% to 20% of organizations have now adopted a Customer Data Platform (CDP), and many organizations across Europe have been investing in CDP technology to help mitigate risks borne out of the GDPR.
By its very nature a Customer Data Platform unifies data, removes duplicates and structures the data in a way that is easily accessible and rigorously audited. It also enables all preferences, interactions and behaviors from all online and offline marketing channels to be maintained in one unified database.
For the right to be forgotten or erased, as well as fulfilling Subject Access Requests, this is a compelling reason to buy a unified, persistent database.
So, with the upcoming CCPA, what can US firms serving citizens of California learn from our EU counterparts? Will brands be looking at CDP technology from European vendors that already understand stringent GDPR laws?
The differences between the California Consumer Privacy Act and the General Data Protection Regulations
The California Consumer Privacy Act gives consumers the right to know what information businesses are collecting and storing about them, how their data is being used and with whom they are sharing their data. It gives consumers the power to ask the company to delete their information altogether or to stop selling it, and makes it easier for consumers to sue companies that have breached their data. It also requires children under the age of 16 to opt-in before any data about them can be collected.
The goal of the California Consumer Privacy Act is ultimately to give back control of personal data to the customer. This means that organizations who collect, store, analyze and use this data must ensure they are compliant with the data privacy laws of the region in which they are operating, or else face the potential of a large penalty. In instances of unauthorized data access, the consumer can claim damages of $100-$750 per instance, or actual financial damages, whichever is the greater.
Whilst the California Consumer Privacy Act is all about consumer data protection, it differs from the GDPR in a number of ways. Unlike the GDPR, the CCPA does not require customers to opt-in to receive marketing consent, and consumers have to opt out of having their data sold, rather than opt in, as is the case with the GDPR.
Businesses complying with the GDPR should also not assume they will be automatically compliant to the CCPA. Whilst it is unclear whether this law will apply to all US citizens or just California residents, it is inevitable that over the coming years we can anticipate this bill being adopted by other states across the US in an attempt to give more power back to the consumer.
How does a Customer Data Platform help with CCPA and GDPR compliance?
Staying compliant in the evolving world of data privacy laws (especially as GDPR is now providing a template for other states and nations) can feel like an overwhelming task, but this is where a Customer Data Platform (CDP) can be of great benefit.
Driven by first party data, it empowers marketers to consolidate fragmented data into one place, build accurate customer profiles and structure and govern the data in a very meticulous and audit-able way. This is a Single Customer View process, which provides you with a single source of truth throughout your entire business and makes your use of data accountable. Therefore, preferences across all different channels can be maintained within one holistic view of all the customer data.
By unifying, cleansing and deduplicating all your first party customer data from disparate data silos, with a CDP you can be sure that the data you are seeing is the latest, most up to date version of the information you hold on your customers. For example, if a customer decides to unsubscribe from direct mail via an email preference center or form, your CDP will store this information and build them into a direct mail suppression list. This confirms that they are still not bombarded with unwanted marketing content through any other channels.
A Customer Data Platform such as BlueVenn goes a long way in helping to ensure that you are compliant to the laws and regulations of the region in which you conduct your business operations, making it less likely that you will end up facing a hefty penalty.
Prepare for the California Consumer Privacy Act with BlueVenn
In a time when data privacy is at the forefront of everyone’s mind, it is inevitable that other states within the US will follow suit. It’s essential to be prepared for these forthcoming changes with a Customer Data Platform, which ensures you stay in control of your customer data and deliver the most relevant customer experience based on customers’ preferences and permissions.
With BlueVenn already helping European businesses to maintain their GDPR compliance; and with the California Consumer Privacy Act being a little less far-reaching, the BlueVenn Customer Data Platform is in a perfect position to help optimize your use of first and third party customer data.