Chances are, most mid- to large-sized retailers will be impacted by the California Consumer Privacy Act (CCPA). As it stands, some out-of-state and international businesses selling goods to California residents must be CCPA-compliant. With the law now in effect, becoming so quickly is a to-do for all retailers.
Far less strict than the General Data Protection Regulation (GDPR), the U.S.’ most stringent privacy law gives Californian consumers the right to access their personal data, opt out of data sharing, know how businesses collect and sell data and also request its deletion. For businesses not compliant by July 1, the California Attorney General can levy fines of up to $7,500 per violation and $750 per consumer, per incident.
Online businesses that aren’t CCPA-compliant and don’t have immediate plans to fix this may see financial and resource pains as the weeks go by. So it’s best to tackle a self-assessment today, then create a process to be compliant using this handy step-by-step guide.
Identify Where Consumer Data Sits
Perhaps the biggest task for retailers around CCPA is conducting a full audit to know where consumer data is stored and how it’s used. A close second: managing the flow of shared data across digital products. An indicator of CCPA readiness is if a retailer has contacted their partners responsible for collecting data.
Web Site Homepage Update
No matter which online businesses sell to Californians, the updating of privacy policies is required. For retailers giving third parties access to the personal information of consumers for monetization, they must provide a link, titled “Do Not Sell My Personal Information,” to a web page where consumers can opt out of having their personal data sold. Additionally, the site’s homepage footer must include this link.
Consult A Lawyer
In addition to web site updates, CCPA requires vendor agreements or contracts with “service providers” to be changed. Lawyers with experience in privacy legislation have been fielding questions from California organizations preparing for CCPA for months. Retailers are urged to get with their legal team and try to future-proof this paperwork.
Prepare Now Or Pay More Later
$55 billion. That’s how much 75% of California companies are expected to spend in initial CCPA compliance costs. As time passes, it’s possible that the costs and resources needed for implementation will increase. If possible, retailers should locate partners that helped organizations achieve GDPR compliance, as they could expedite the process and help businesses hold onto profits.
Prep For CCPA To Go Interstate
Retailers now getting CCPA compliant will have a head start on forthcoming state laws or a national policy. A huge unknown is not if, but how CCPA-like laws will take form nationwide to protect citizens. Being on the “data defense” with consumers is never a place a retailer wants to find themselves.
Trust-Building Thanks To CCPA
As retailers look for ways to improve customer experience, they should view CCPA as a “golden opportunity.” Through that lens, CCPA is not a nuisance. Rather, it’s a chance for businesses to show customers how they deliver true value in exchange for data.
Data management reform in the U.S. has begun with CCPA. As with GDPR, this privacy law enables progressive brand and retail marketers to make incremental gains to build consumer trust, improve loyalty and boost retention. Long term, CCPA-ready retailers may be in for an unexpected appreciation for the law as a result of closer customer relationships. Who knows, CCPA could be a welcome wake-up call for retailers.
Alex O’Byrne is the Director and Co-Founder at We Make Websites, the Shopify Plus agency for international brands. O’Byrne oversees the agency’s U.S. arm and the transformation of direct-to-consumer businesses for companies including Hasbro, PepsiCo, Skinnydip London, Penguin Books, Harper Collins, The Economist, and the BBC. The company has offices in London and New York.