GDPR & CCPA Compliance Requirements – What You Need to Know

If you’re marketing to a variety of online audiences, you’ve probably heard the term GDPR by now.

But what is GDPR? 

What’s CCPA? 

And how do they impact you and your digital marketing team?

CCPA compliance requirements often get overlooked. But they shouldn’t.

Fines and penalties, while rare, could put you out of business if regulators decide to make an example out of you.

To help you understand your GDPR and CCPA compliance requirements, I got together with Robert Freund, an experienced advertising attorney. 

It’s his job to help you avoid business mishaps. And he shared some helpful insights about which data privacy laws apply to you, how to update your marketing, and when this all went into effect.

What is GDPR? 

GDPR was created by the EU to protect consumer privacy rights. 

It is intended to help consumers understand:

  • What personal information businesses are collecting
  • How their information is used
  • How to opt-out of data collection

If you have your own website, in order to be compliant, you may need to update your privacy policy. And if you have a separate social media policy, you may need to update that as well.

“It’s about updating your privacy policy…putting information about how you are using data and what you are collecting in front of the consumer,” said Robert.

This includes creating a cookie pop-up to let consumers opt-out of data collection if they choose. 

But, why does this matter to US companies? 

If you are a US business with EU customers — or it’s even remotely possible that someone from Europe may find their way to your website — you should be following GDPR rules when it comes to data privacy and disclosure.

“Even if you aren’t physically in Europe, the way the rule is written, it still applies to you,” said Robert. 

What is CCPA?

The California Consumer Privacy Act is California’s version of the GDPR, and it went into effect on January 1st, 2020. 

You will be subject to the CCPA if you collect data from California residents and:

  • You exceed $25 million in gross annual revenue
  • You obtain personal information from 50,000 or more California residents per year
  • 50% or more of your annual revenue comes from selling the personal information of California residents

“If you’re a small business that’s not located in California, you still have to figure out if California residents are visiting your website,” Robert clarified.

If so, you are subject to the law and should be doing everything in your power to meet CCPA compliance requirements.

6 best practices for complying with CCPA privacy laws

Remember, you should be consulting with a professional attorney in your jurisdiction to ensure you are doing the following things correctly. This is not legal advice. But getting compliant may include these steps:

  1. Updating your privacy policy
  2. Updating your website policy
  3. Auditing what data you are collecting (and how)
  4. Having a plan in case of a data breach
  5. Giving consumers a very clear opt-out option
  6. Having disclosure guidelines in your social media agreements

“If somebody connected or employed by your brand is going to be talking about it online, you have to make that kind of disclosure, and it’s just good policy to ensure that everyone does that all the time,” said Robert.

The grace period for meeting CCPA compliance requirements ended in July 2020. So if you’re making more than $25M annually, you’ve got work to do.

It’s time to look over and possibly revise your website’s privacy policy! 

Have questions? Check out my free Social Media Compliance Course or download my social media policy template.

If you want to dig deeper into this topic, I have a free social media compliance courseware library you can check out if you want to learn more on your own.

In my Digital Marketing Springboard Program, we cover compliance in the Owned Media Phase, which is the first part of the process. 

Compliance is a moving target. My client Poster Compliance Center sells workplace compliance posters that employers are required by law to display.

And one of their offerings is an annual subscription, which ensures you’ll always have the most current posters to display.

That’s how frequently city, state and federal rules and regulations change. You need to subscribe to a compliance poster provider just to stay up to date. GDPR and CCPA are two of the latest regulations to come into effect. Both are consumer privacy regulations, developed partly in response to the Cambridge Analytica fiasco.

Or contact me if you need help navigating CCPA compliance requirements, or connecting with a good attorney who understands digital media compliance.

And for more important news and updates, subscribe to the B2B Lead Gen Podcast, where we share helpful digital marketing insights and effective tactics from industry experts.