GlobalSign Blog

Step-by-Step CCPA Checklist for Marketers

Step-by-Step CCPA Checklist for Marketers

The new California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020, demands updates in the privacy policy of marketers.

Marketers and companies not only from California but around the globe are affected by this new privacy act. The act was implemented to protect the rights of consumers from California regarding the collection and processing of their data. Any company dealing with the people of California must abide by this law if they fulfill the given criteria:

  • The company has more than $25 million of total gross revenue
  • The company is dealing with the data of 50,000 or more consumers
  • At least half of the company’s total annual revenue is earned through selling consumers’ data

It’s important to note that the regulation applies to any company that has users based in California. If you’re doing business across the US, or globe, you’ll want to make sure you become familiar with the guidelines outlined in the CCPA – and fast.

10 Step CCPA Compliance Checklist for Marketers for 2020

The companies falling under the designated criteria of CCPA must take certain steps to comply with this new regulation. Failing to abide by the laws of the CCPA can lead to fines of up to $7,500 per record.

Following this checklist will help marketers take the proper steps to protect their customers and avoid these huge fines.

Step 1: Make Amendments to the Company’s Organizational Structure

The implementation of the new California Consumer Protection Act demands some structural changes in the affected organizations. They need to create specialized teams and assign them tasks solely related to data collection and regulation.

The responsibility of updating consumers regarding their available data with the company and answering customer queries is not as simple as it may sound. Companies also need to update their IT structure so they can monitor and maintain strict control over their data processing. Last but not least, companies have to update their legal structure to get compliance with CCPA.

Step 2: Update Privacy Policy

All companies falling under CCPA must update their privacy policy regarding the use and collection of data. Marketing teams will want to inform consumers of these changes via the company's official channels – for example, by email – and through their websites. This step is necessary to avoid any legal complications in the future.

Step 3: Provide the Option of Data Withdrawal

The new CCPA implies that consumers must be given the right to withdraw their data from the marketing sites at any point. Consumers have full authority over their data and can refuse to sell their personal data to any third party.

To get compliance with CCPA companies must add an option of “Withdraw my Data” or “Delete my Data” on their sites. They are legally bound to delete the consumers’ personal data and defer selling this data if requested by the consumer.

Step 4: Receive Consent for Minors’ Data

The new amendments in CCPA have a consent policy regarding the collecting and processing of minors’ data.

Unlike adults, where the company can use the data of the consumers unless they ask them not to sell their data or delete their data, the company needs parental consent before collecting or using any data of children between the ages of 13 to 16.

Step 5: Analyze All Sources of Data Collection

Most modern companies are actively collecting consumers’ data through various channels including social media and e-commerce sites. This data includes browsing histories, product preferences, previous purchases, and likes and interests of the consumers, along with their personal data. In most countries, Internet Service Providers (ISPs) collect and keep logs about user activities for 3 years or more.

According to CCPA, companies must provide specific details about the data being collected for consumers. Therefore companies must analyze all of their data sources and maintain records of data collected from each source. 

Step 6: Take Precautions Around Purchasing of Data

To get compliance with CCPA, companies not only have to act responsibly while collecting and processing their customers' data, but they also have to be cautious while purchasing data from any other company.

They must ensure that the data-selling companies are also working in compliance with CCPA and have well-maintained records of how and where the data is collected. Companies purchasing data from non-compliant companies and third parties are likely to fall in trouble in the future.

Step 7: Make Consumer Data Available On-Demand

CCPA requires all companies that fall under their designated criteria and deal with California residents to provide details around data that has been collected in the last 12 months on-demand. Consumers have the right to inquire about their data and its usage by the company.

For this reason, companies are advised to launch inquiry desks or portals to cater to data access requests and other related queries. This is important not only from a compliance perspective but also for improving the customer experience and general business efficiency.

Step 8: Devise New Strategies for Data Collection and Handling

The recent amendment of CCPA demands new strategies for collecting and handling consumers’ data. Companies not only have to regulate their previously collected data but also have to make strict policies for purchasing and collecting data in the future.

They have to monitor all the data that is processed and used on their platform and accept accountability for it. Any new strategies devised by marketers must comply with CCPA.

Step 9: Avoid Discrimination

The CCPA was designed to protect the rights of California residents. Therefore, it is essential for companies to avoid any discriminatory treatment of their consumers, even if they request the withdrawal of their data. Any biased attitude based on a consumer’s decision to opt-out or opt-in to data policies is intolerable and may result in legal complications.

Step 10: Stay Up-To-Date with Changes to CCPA

Rules and regulations around data protection will keep on changing with time. Any company dealing with the collection and processing of consumers’ data must stay up-to-date regarding any amendments to the CCPA going forward. Failure to make appropriate updates will not excuse you from fines or penalties.

Final Thoughts

Though the new CCPA was enacted in January of this year, marketers and companies still have a few months before they will be charged for voluntary and involuntary violations. This is an ideal time for companies to redefine their structures and create better processes around maintaining their data records. Starting on July 1, 2020, companies may have to face legal consequences if they fail to comply with new amendments of CCPA.

Share this Post