In our fast-paced modern business world, customers expect near-instant responses to their requests. This doesn’t just mean they want their orders delivered on time or emails answered promptly. If they don’t want to hear from you anymore, they expect you to stop contacting them immediately.
Marketers will immediately see the problem. Many marketing campaigns are scheduled weeks ahead of time or triggered automatically when a user visits a website. Either way, it’s easy for users to slip through the cracks and continue receiving communication from you even if they’ve opted out. This obviously reflects poorly on your company.
Privacy Compliance Laws & Their Ongoing Evolution
New privacy laws are established, and older ones are updated, more frequently than you might think. In the past year alone:
- Israel proposed significant amendments to its existing privacy regulation, the Protection of Privacy Law (PPL).
- China’s Personal Information Protection Law (PIPL) went into effect.
- Virginia set the Consumer Data Protection Act (CDPA) to go into effect in January 2023.
- California set the Consumer Privacy Rights Act (CPRA, also known as Proposition 24), an expansion of the previously passed California Consumer Privacy Act (CCPA), to go into effect in January 2023.
- Colorado set the Colorado Privacy Act (CPA) to go into effect in January 2023.
This doesn’t even take into account privacy bills that are still making their way through committees. And judging by recent history, authorities can and will enforce these laws to the best of their ability. The court of public opinion is also not kind to companies that refuse to respect privacy. Several recent examples include:
- WW International (formerly known as Weight Watchers) was fined $1.5 million for collecting, retaining, and processing the data of minors (which is illegal under COPPA).
- Amazon was fined $888 million USD for GDPR violations.
- GDPR fines as a whole increased nearly sevenfold since 2020.
- Following significant privacy management failures, Facebook lost approximately 1 million users and its stock dropped by 26%, setting the record for the largest stock drop in a US company ever recorded.
How Do Privacy Laws Compare?
Privacy laws in different countries (or states) often contain significant overlap. This makes sense – many of these laws draw from a common source, the European Union’s GDPR. But their requirements differ enough that complying with only one isn’t good enough. You must keep track of each law that applies to you, know what it requires, and follow through.
That said, it’s also critical to know what these laws have in common. Most privacy laws include provisions for:
- Rectification of data
- The right to be forgotten (to have one’s data completely wiped from a company’s records)
- The right to opt in or opt out of receiving communications from a company
Companies subject to these requirements must keep track of their customers’ preferences and honor them. When these laws change, however subtly, companies must re-evaluate their previous activity in light of these new requirements.
So, what exactly does this mean for companies that store and process personal data?
Know Which Privacy Regulations Apply
Depending on where your customers live and/or conduct their online activities, different privacy laws will apply. And this holds true regardless of where your company is located. A business based out of Texas must honor the GDPR for customers in France, the CCPA for customers in California, etc. Research which laws apply to your customer base.
Maximize Your Marketable Contacts
Your marketing team obviously wants to collect as many marketable contacts as possible. Meanwhile, your legal department wants to avoid financial penalties and customer dissatisfaction that might come from overzealous marketing. Make them both happy by understanding what privacy laws allow.
Most regulations specify how long you’re permitted to store and process user data before requesting renewed consent. Customers that do not renew consent must then be removed from your database. Even if you aren’t subject to any laws that require this, removing expired contacts is simply a good business practice. This allows you to quietly retire contacts who haven’t shown any interest in your business in quite a while. Meanwhile, you can focus on people more likely to buy from you – and who actually want to hear from you. For this reason, companies should establish their own time-to-live policy for customer data even if the relevant laws don’t require it.
Simplify Your Compliance Update Process
Ideally, your marketing system can adjust to new or updated privacy laws with minimal configuration. It should also automatically re-evaluate previous consent activity in light of the new requirements to ensure ongoing compliance. Comprehensive updates to data entry points, such as online forms or list uploads, consume time and money that you can’t afford when new laws are looming.
Apply Real-Time Consent Across the Enterprise
It’s not just your marketing systems that need to be aware of consent. Your CRM system, your ERP system, your support tools, and many other systems will need updates as well. Every entry point where customer data is collected, or where that information is used for communication, should fully comply with laws and customer choices.
As an example, in an Oracle Eloqua campaign, a 4Comply decision step checks for permission prior to sending an email. The email is only sent if permission exists for each contact.
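The send-time check and the time-to-live policy described above can be sketched as follows. This is an added example, not 4Comply's or Eloqua's API: the function names, the event model, and the TTL values are hypothetical, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical time-to-live policy per jurisdiction (constructed, not legal figures).
CONSENT_TTL = {"EU": timedelta(days=365), "US-CA": timedelta(days=730)}
DEFAULT_TTL = timedelta(days=365)  # company-wide fallback when no rule is listed

@dataclass(frozen=True)
class ConsentEvent:
    contact: str
    jurisdiction: str
    action: str  # "opt_in" or "opt_out"
    at: datetime

def may_send(contact, events, now):
    """Decide from the contact's most recent consent event; return (allowed, reason)."""
    history = [e for e in events if e.contact == contact and e.at <= now]
    if not history:
        return False, "no consent on record"
    # On identical timestamps the opt-out wins, so a race never favours sending.
    latest = max(history, key=lambda e: (e.at, e.action == "opt_out"))
    if latest.action != "opt_in":
        return False, "opted out"
    if now - latest.at > CONSENT_TTL.get(latest.jurisdiction, DEFAULT_TTL):
        return False, "consent expired"
    return True, "ok"

def filter_recipients(recipients, events, now):
    """Re-check every contact at send time, not when the campaign was scheduled."""
    allowed, blocked = [], {}
    for contact in recipients:
        ok, reason = may_send(contact, events, now)
        if ok:
            allowed.append(contact)
        else:
            blocked[contact] = reason
    return allowed, blocked

# Constructed sample: a campaign scheduled weeks ago is sent at NOW.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    ConsentEvent("ana@example.com", "EU", "opt_in", NOW - timedelta(days=30)),
    ConsentEvent("bo@example.com", "EU", "opt_in", NOW - timedelta(days=90)),
    ConsentEvent("bo@example.com", "EU", "opt_out", NOW - timedelta(minutes=1)),
    ConsentEvent("cy@example.com", "EU", "opt_in", NOW - timedelta(days=400)),
]
RECIPIENTS = ["ana@example.com", "bo@example.com", "cy@example.com", "dee@example.com"]

if __name__ == "__main__":
    print(filter_recipients(RECIPIENTS, EVENTS, NOW))
```

The blocked map doubles as an audit record of why each contact was skipped, which is what a reviewer needs when consent rules change and past sends have to be re-evaluated.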
Managing Consent Effectively
Managing consent across multiple systems and jurisdictions is a complicated task. What’s more, customers expect real-time consent management to immediately respect their choices, not in a few days or weeks. Companies need tools that simplify managing consent and enable systems to re-confirm permission in real time before communicating. And these tools must work across the entire enterprise. Fortunately, we have a solution: 4Comply.
4Comply is an API solution for quickly building highly customized consent apps without building an in-house consent management framework from scratch. It helps privacy officers and business leaders implement consent management to improve customer experience and build trust with customers. 4Comply offers a complete solution for adding privacy compliance to all your systems.