Don’t Get Ambushed By the New GDPR

Posted by Jeff Pelliccio on Mar 15, 2019 9:00:00 AM

In ICS insights, Candidate, client, Legal and Compliance

The implementation of the EU General Data Protection Regulation (GDPR) has made a big impression on many global businesses. Complying with the European regulations might have seemed easy enough, but the truth for many U.S. digital marketers is that their work is not done yet—the real work is just beginning.

For those who are not familiar with the GDPR, it is basically data regulation introduced by the EU. Back across the pond in the U.S., California is taking similar actions by passing the California Consumer Privacy Act of 2018, also referred to as the CCPA. A big push has been made to protect consumers and the trend is expected to continue throughout the rest of the nation.

While marketers will have to adjust efforts in order to meet compliance standards for data protection, they are also subject to scrutiny following the recently amended Americans with Disabilities Act of 1990 (ADA). Though new regulations for the ADA were released less than a year ago, a new measure is on the horizon. This will likely send marketers back to the drawing board in order to make sure they are meeting the necessary requirements for compliance.

With the way the current business climate is going, many are questioning their next steps. One option is to wait and see if another law will come in suddenly, like the GDPR, and pin us against the wall. Another option is to take a proactive approach by staying ahead of the curve and prioritizing American compliance matters.

The proactive approach might be the key in setting yourself up for success down the road. With this option, there are things to consider that will give you an advantage.

Americans with Disabilities Act of 1990 (ADA)

In 1999, the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C) published a series of recommendations in an effort to make web content more accessible. The series is known as the Web Content Accessibility Guidelines (WCAG). In 2008, an updated version, WCAG 2.0, was released and became a standard by the International Organization of Standardization (ISO). In 2018, a new version was published, WCAG 2.1, which aimed to improve accessibility for groups with disabilities associated with learning, cognition, using mobile devices, and limited vision.

Since the WCAG 2.1 update already went into effect, your brand might be behind in the times, unless you prepared prior to the release date. Luckily, you have the chance to get on the ball for the next version, WCAG 3.0 with an expected publication date in 2021. If all of these regulations are a bit overwhelming, it might make sense for you to hire a consulting firm to guide you through the compliance process. There are firms that specialize in ADA, which means they will be able to take a keen eye to your website and give you an honest audit and recommend the necessary steps to meet requirements. 

Be sure to loop in your website designers, or those who manage the site maintenance, so that they will be able to make the appropriate changes to your site based on the audit completed by the consulting firm. It will be tough for the ordinary person to catch any overlooked compliance details, due to the intricacies of the WCAG. If you do not follow all of the guidelines, you may find yourself or your brand subject to a lawsuit.

As there are many ADA consulting firms to choose from, be on the lookout for one who has dealt with the law changes as they have happened. It is important to utilize experienced consultants who are able to analyze the evolution of the regulations and help you in preparing for future adjustments in the event it is necessary

It would also behoove you to choose a firm that has done work in your industry. ADA compliance is different per industry, so a firm with that specific experience will give you an advantage. They will be able to quickly and easily pinpoint the key issues on your website that will need to be addressed.

Consumer Data Protection

As of January 1, 2020, the CCPA regulations will be implemented. It is important to note that it will affect not only businesses that operate within California but also businesses that market to residents of the state. Specifically, it will apply to those that do over $25 million in gross revenue per year and has access to the personal information of 50,000 consumers or greater. It will also apply to businesses who get most of its revenue from selling the personal info of its consumers.

Since the goals of both the CCPA and GDPR are similar, in that they aim to protect the personal data of all individuals, once your business complies with one set of guidelines, it will not be difficult to align with the others.

As you would hire a consulting firm to audit your website for ADA compliance, it would be a good idea to do the same for data protection. Here is a list of best practices that your website should employ when all of the legwork is complete:

1. Let your customers know their data is being collected.

The CCPA states that consumers have to know that their data is being collected by any company. This includes specifics, such as where it is collected and when it is collected. They should also have the choice to offer their information or decline to offer their data without penalty. This can easily be done by adding a pop-up notification on your website or disclaimer upon accessing a form.

2. Provide a copy of your customer’s data.

It is required that your company give your customer access to the data that you have collected from them. They have the right to know if it is being sold or shared with another party, as well as the right to delete or destroy the information at any time.

3. Do not accept data from a third-party.

By taking information from a third-party, you have no control over the quality and authenticity of the data. You also run the risk of receiving information that was illegally obtained.

4. Do not sell your customer’s data.

It would be a bad idea to sell your customer’s information. By avoiding this action, you will save your company the risk of giving away personal data without permission from your customer.

5. Make data quality the highest importance.

With all of the changes to data collection guidelines via new laws and regulations, it is important to be selective with the information collected. Make sure it is high quality and relevant to your business. Do not risk the reputation of your company or waste your employee’s time by receiving an endless amount of useless data.

You'll need the right talent to take advantage of all that useful data in the right and compliant way. Click below to start your search for the people who can bring your business to the next level. We'll be happy to connect you!Find Talent NOW