As consumers become more careful about the personal data they share, and regulators step up privacy requirements and enforcement, it’s incumbent upon organizations to implement policies, practices and training to comply with laws granting consumers more control over how their data is collected and used.

According to a KPMG report, 86% of surveyed consumers say they are increasingly concerned about the data being collected on them when visiting websites, using apps and purchasing products and services. 

The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are privacy laws designed to give consumers more authority over what personal information organizations can collect on them and how it is used, and sets requirements for how companies store and protect the data. Organizations that fail to comply with these laws can face steep fines and damage both their reputation and consumer relationships.

While organizations are required to comply with these laws, Q1 2022 research conducted by CYTRIO on the state of companies’ readiness found that 90% of companies are not fully compliant with the CCPA and 95% are unprepared for GDPR. 

What is the General Data Protection Regulation?

The GDPR is a European privacy law that protects the personal information of consumers living in the European Economic Area (EEA), which includes the European Union countries plus Iceland, Norway and Liechtenstein. Enacted in 2018, the law gives consumers the right to access, delete or control the use of their data and requires organizations in the US and elsewhere to secure consumer permission to share data if they:

  • Process the personal data of EEA citizens or resident
  • Offer goods or services to EEA citizens or residents
  • Use web tools that track cookies or the IP addresses of website visitors from EEA countries

What is the California Consumer Privacy Act?

Signed into law in 2020, the CCPA creates a uniform set of privacy rights and standards that apply to every California consumer. This includes:

  • The right to know what personal information a business has collected, used, shared, or sold about the consumer
  • The right to require a business to delete personal information it has collected
  • The right to opt-out or stop a business from selling their personal information
  • The right to non-discrimination so a business cannot deny goods or services, charge a different price, or provide a different level or quality of goods or services just because a consumer has exercised their rights under the CCPA

Organizations doing business in California or handling the personal data of California consumers or households must comply with the CCPA if they:

  • Have a gross annual revenue of over $25 million
  • Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices or
  • Derive 50% or more of their annual revenue from selling California residents’ personal information.

GDPR and CCPA Training

As part of a comprehensive compliance program, effective GDPR and CCPA training ensures that employees and managers understand the importance of appropriately handling and safeguarding customer privacy. By reinforcing best practices and addressing questions and concerns, training raises organizational awareness of consumer privacy requirements to avoid potentially costly consequences.

Traliant Insight

Efforts to pass more data privacy regulations like the CCPA and GDPR are increasing as consumers demand more transparency and control over their personal data. Training employees and managers how to properly handle customer data, secure it and address customer privacy requests is essential to staying compliant with regulations and building trust with customers.