woman hiding her face behind a book
PHOTO: Josh Edgoose

As the dust still settles on the enactment of Europe’s data privacy rights earlier this year, US companies are bracing for a fresh round of compliance hype — and this time it hits closer to home. The introduction of the California Consumer Privacy Act may start a domino effect on the way US companies collect, store and use personal data.

California’s new data privacy law goes into effect in January 2020. The International Association of Privacy Professionals provides an overview of the regulation and some of the many implications for US businesses, including:

  • Consumers can request a record of what types of data an organization holds about them and what they are doing with it.
  • Consumers will have the ability to object to the sale of their data, and businesses will have to put a special "Do Not Sell My Personal Information" button on their web sites to make it easy for consumers to object.
  • The law would be enforced by the Attorney General and result in a $7,500 fine per violation.

As the Facebook / Cambridge Analytica uproar showed, Americans it seems actually do care a great deal about their personal data. But brands may lack the inspiration to act until enforceable regulations and penalties are in place to protect consumers. 

Now government officials are reacting to a groundswell of backlash as consumers are fighting to take back control of their personal information in response to major privacy scandals that have come to light in recent years.

As with many security and privacy-driven policies, Europe was first to lead with General Data Protection Regulation (GDPR). Now progressives, like California, are following suit … and as we know, as California goes, so does the rest of the country. The California law technically applies only to their state residents, but it will most likely have much broader national implications. And with talks of a potential national data privacy law in the works, this could get very interesting very quickly.

Related Article: Why California's New Privacy Law Signals a Major Shift in the Privacy Landscape

Lessons Learned From GDPR

For those impacted by the California Consumer Privacy Act, there is one major lesson to be learned from our European counterparts and their journey to date with the GDPR: get started, yesterday.

By the time the GDPR legislation came into effect this past May, few companies found that they were actually ready to fully comply. The struggles were many: some had challenges identifying where their customer data was in the first place, others had to establishing what the legislation means for their business, and still others had to put in to place processes that didn’t exist to orchestrate these activities across the organization.

At its core, what’s needed is a "system to manage systems," so to speak. Organizations found the data scattered everywhere across multiple CRM systems and related databases — often in 20, 50 or more locations where customers’ personally identifiable information (PII) is held. Unfortunately, much of this infrastructure is not connected because it never had to be, until now.

Related Article: Will There Still Be Marketing After GDPR?

Do These Regulations Mark the End of Personalization?

Now, many marketers may ask themselves if this new era of data privacy legislation spells the end of personalization. How can they provide personalized experiences if consumers won’t grant them access to the data that fuels it? But in reality, the exact opposite may be true: it only increases the importance of personalization.

So how do marketers rise to the challenge? It starts with respecting the customer and their data. You must show them that you use it to engage with them in a way that drives real value — not just for your business, but for them. It means not wasting their time with irrelevant communications. Every irrelevant message sent only increases the likelihood they will ask for their data back. Marketers that can show they can add value with true one-to-one engagement will keep their permission to play. And those that don’t will quickly find themselves cut off from the data stream. In this respect, this new era is not just about how to get it right, but now equally about making sure you don’t get it wrong.

This new era of customer data protection and privacy can be a great thing for businesses — if they get started quickly, with the right mindset in place for long-term success.