Privacy compliance is no piece of cake.
In 2019 alone, the business world saw a shakeup brought on by a slew of new state laws and year one of the General Data Protection Regulation (GDPR) implementation.
And the companies that came out on top had a few things in common: transparent messaging to consumers, a privacy-centric re-brand, and tricked-out privacy policies that used eye-catching marketing tactics.
We know what it took to win at privacy in 2019. But what will privacy best practices look like in 2020 and how can brands – both big and small – get it right?
To answer that question, we’ve created an authoritative guide on what to expect in the year to come and a complete 2020 privacy compliance checklist to keep you on track.
Finalize CCPA Compliance
You can’t talk about a 2020 privacy compliance checklist without putting the California Consumer Privacy Act (CCPA) first in the queue.
The CCPA is the most comprehensive general data privacy bill of its kind to pass in the United States at a state level. The long-awaited regulation went into effect on January 1, 2020. And pending amendments are set to be finalized by spring of this year and fully enforced by July 1.
For companies with customers in the Golden State, it’s imperative your marketing and operations be 100% compliant with the CCPA as soon as possible. And if you’re one of the 8% of U.S. businesses that say they’re unprepared for CCPA compliance, the time to get started is now.
Individual rights and managing data correctly play a significant part in CCPA compliance.
In fact, they may continue to take center stage as final changes to the regulation are passed, making the final law stricter than the original requirements.
Following the steps to CCPA compliance to a tee is advisable whether you’ve finished implementation, are in the middle of it, or are just getting started. The CCPA is definitively the toughest state privacy law in the country, requiring significantly more transparency from companies than ever before.
Getting CCPA compliance right in 2020 isn’t just a recommendation.
It’s a must-have for any company that doesn’t want to face heavy fines, a brand image disaster, and a slow-but-sure creep into irrelevance with consumers.
Prepare for New State & Global Regulations
The privacy regulation fun is just getting started. In 2020, the United States and the world will see the data compliance revolution in full swing.
Many states are following the lead of California’s major legislation, as well as that of Nevada, Illinois, Maine, Vermont and South Carolina, all of which made updates to existing privacy compliance regulations.
Enter the Texas Privacy Protection Act, the New York Privacy Act, and Washington State SB 5376.
These state regulations differ from one another and from the GDPR and the CCPA. For example, Washington State is focused on protecting its citizens when it comes to facial recognition data. Texas is focused on improving prevention and communication about data breaches, even appointing its own five-member privacy protection advisory council. And New York’s privacy compliance law is predicted to be even harsher than the CCPA.
Companies must stay on top of new state regulations in 2020 to understand how they differ from each other and – most importantly – how to implement them.
If the differences in state laws set to take effect in 2020 are overwhelming, just consider the international privacy laws on their way, too. The most significant of these is Brazil’s General Data Protection Law (LGPD), effective August 1.
The LGPD covers a number of issues focused on gathering and processing personal data for Brazilian citizens. Although much less comprehensive than the GDPR, the LGPD has many similarities to the landmark European privacy regulation, including obligations to appoint data protection officers and perform data protection impact assessments.
Companies would do well to educate themselves about how these new state and international privacy compliance rules apply to their business practices. No doubt more are on the way, and companies who get a head start now will fare better in the long run.
Execute a Privacy-Integrated Strategy
Privacy compliance is a relatively new concept. The advent of the internet, mobile apps, and smart devices ushered in a Wild West era of digital marketing that toed the line of personalization, data sharing, and consumer security.
With the GDPR – and now the CCPA – marketers have been forced to take a step back and rein in their questionable practices. Implementation has been more of a tacked-on tactic to the marketing strategy than a seamless integration.
All that will change in 2020 for companies that want to profit from privacy compliance instead of just begrudgingly accepting it.
Companies such as Monday.com, Ticketmaster and Apple are worth emulating in this situation. Uber and MailChimp have created subtle CCPA user experiences, as well. Each has embraced privacy compliance and not only executed well on all regulations, but is working to fuse it with the company’s brand image and mission.
But this marketing and product privacy compliance goes well beyond user experience. Privacy by design needs to be at the forefront not just of a new marketing strategy, but all business-related decisions.
For example, when teams discuss project costs, technology, and people when launching a new product idea, privacy now needs to be a part of that initial conversation, too. When it comes to hiring vendors, companies will need to think about creating GDPR- and CCPA-compliant agreements for them.
And when brands are brainstorming new campaigns – whether marketing, products/apps, or overall business strategy – the process needs to include a checklist for compliance with the GDPR and CCPA.
Smart marketers will follow this lead and understand that the foundational ideas, messaging, and images of their brand must all be surrounded by privacy compliance. The intrinsic way marketing teams create will be based on privacy compliance best practices and gaining explicit consent and opt-ins from consumers.
Transparency and consent will transform marketing as we know it in 2020 and beyond.
Enlist the Help of a Fractional Privacy Officer
If you’re a company that’s recognized the growing importance of protecting against data breaches, you’re not alone.
It’s not uncommon for most companies today to have a full-time Chief Information Security Officer (CISO) or contracted Virtual Chief Information Security Officer (vCISO) on staff. But privacy compliance is a completely different animal than security, one that CISOs and vCISOs aren’t equipped to address.
In fact, you’ll need a dedicated privacy compliance person for these tasks.
Fractional Privacy Officers (FPOs) provide a sustained, proactive approach to privacy compliance. This expert is focused on the day-to-day operational execution of privacy compliance, as well as ensuring application of new and changing privacy laws, regulations, and policies.
An FPO ensures your marketing and operations stay compliant by troubleshooting issues before they happen.
In 2020, more and more companies will be hiring FPOs to handle privacy compliance so they can be proactive instead of reactive.
Conclusion: The Future of Privacy Compliance
No one can predict the future.
But there’s no doubt more privacy regulations and laws are coming down the line. And the best we can do when it comes to privacy compliance in 2020 is to avoid repeating the mistakes of the past while learning from those that have earned success.
Privacy compliance is no longer a side issue. It’s the main event.
Companies would do well to take this to heart and train not just their marketing teams, but stakeholders from across the organization on the centrality of privacy compliance to the success of the business.
Educating your company should be a priority in 2020, and our team of specialists is here to help. Just reach out to schedule a custom session for your team. As subject matter experts in privacy compliance, we can also help you with a privacy-focused marketing strategy and FPO duties.