Data protection law can be described as the biggest data protection law in a generation giving ordinary people unprecedented control over data which companies holding about us.
Today nearly every part of your life is digitized & it can be tracked & logged. Every Picture, Every Comment, Every purchase Everything!!
More & more of your personal information can be collected, stored & treaded by the companies in the open markets. The Data protection law protects the interest of Digital user & the covers his Personally identifiable information (PII) like Name, Contact details, Computer location etc.
With data protection law organizations have to prove that they have law full reason for holding such kind of personal data & even more importantly they are keeping it safe.
General Data and Privacy Regulation (GDPR )
GDPR which stands for General Data and Privacy Regulation, came into effect in May 2018. Before we go further you must be thinking what is GDPR? It’s legislation that gives people more control over the data they share to various companies who use these data for targeted advertising, personalized SMS and emailer, CRM, etc. Therefore, companies must inform people about the type of info/data that are being collected, how they will use it, and allow people with a choice whether to agree to the terms and share their data or not.
The penalties for not complying with GDPR are huge and it ranges from 10 to 20 million euros or two to 4% of a company’s worldwide revenue from the past year. Please note that it doesn’t include the cost of litigation. Will GDPR go away? Not certainly as California just passed a new online privacy bill that takes effect in 2020, and other countries could do the same as people realize the value of the data they share, and they want more information and control over how it’s used.
Therefore, the most important thing is transparency. Hence, putting the users first and communicating policies and safeguarding user data are key factors. One can read more about GDPR by visiting the official website. It’s also a good idea to consult an attorney to make sure that you are in the right path when it comes to data privacy and management practices. Otherwise, you can face stiff penalties and moreover a loss in business reputation and customer trust.
What “California Consumer Privacy Act” means for brands
In 2018, the GDPR changed the way brands dealt with consumer data and privacy. Now, brands working in the US are bracing for another legislative change, the California Consumer Privacy Act, or CCPA, which will come into effect in 2020.
The CCPA is a first major privacy law in the US. It puts consumers first when it comes to managing their personal data. If your company conducts business with residents in California, you have to offer your website visitors or mobile application users an easy way to opt out of data collection, and this will have a direct impact on your digital marketing in terms of targeting the audience and remarketing.
Your brand must comply with the CCPA if you meet any of the following three criteria.
- Your gross revenue is greater than $25 million a year.
- You collect, sell, or share personal information on 50,000 or more individuals.
- Your company makes 50% or more of its revenue by selling people’s personal information.
Like GDPR, the CCPA will give consumers control over the privacy of their personal info/data and how it will be being used. As a company, you are supposed to inform people that you are collecting their data, what you will do with it, how long will you keep and safeguard them, and whether you are sharing or selling it to any outsider or third party vendor or organizations. People have a right to ask you to stop providing their information to third-parties like ad tech suppliers. And you need to offer consumers an easy way to delete their data or a button that lets them easily opt out of data collection entirely. How will this affect your digital marketing campaigns?
The Interactive Advertising Bureau developed a framework to help its members follow CCPA regulations. The framework consists of two parts.
- A contract that ensures ad tech partners adhere to the law’s restrictions,
- Technical specs that enable brands to put in place mechanisms to comply.
What will be the penalties for non-compliance? Well, we will have to wait for the coming months. Meanwhile, your company should look how the legislation might affect your business and talk to your attorney to ensure that you are already in the right track and prepared to comply with the data privacy legislation and personal data protection law and by no means you are breaching them. This will help your business to maintain a great reputation and win over customers by building a solid relationship with utmost transparency and trust.