With the introduction of GDPR over a year ago, those of us who process data were hit with a wave of new legislation. Requiring us to implement the correct measures to protect personal data and cater to people’s right to access it. A lot of businesses were caught off guard with this.

So we’re here to hopefully lend a helping hand to our Californian counterparts who are experiencing a very similar situation at the.

A move in the right direction

The start of 2020 brought a new data protection act in the state of California. Labelled as the California Consumer Privacy Act (CCPA), which is a statute intended to enhance the privacy rights and consumer protection for residents in California.

Now to us, over here on the other side of the pond, that rings all too familiar. It was back in May of 2018 that European companies responded to the implementation of the General Data Production Regulation (GDPR) across Europe.

Data Protection Keyboard

For a good six months around May 2018, news sites and social media streams were flooded with GDPR guides, checklists, the one secret that’ll grant you GDPR mastery type blogs. So, forgive us if this brings up a few memories.

Will CPPA regulations affect you?

The CPPA regulations claim it’s not focussed on the size of your business, but whether your business meets certain criteria such as;

  • Annual gross revenue is over $25 Million
  • Buys, receives or shares information of 50,000 or more consumers, households or devices
  • Derives at least 50% of annual revenue from selling California consumers’ personal information

If you are dealing with customer records, you’re likely working with a CRM to manage your data. Your CRM is a tool to build trust and loyalty with customers, so the professional handling of personal customer data is essential.

“92% of companies use databases to store information on a customer or prospect.”

GDPR has had a big effect on how businesses collect, store and securepersonal customer data. Companies of all shapes and sizes have had to evolve in a landscape where the public is protected by law, to ensure their data is handled with care.

Here are the key things we learnt from GDPR rollout that might help you.

Communication CCPA

Communication is key

Constant interaction with your legal / compliance teams will help you understand what the landscape is looking like currently. So you stay up-to-date on relevant departmental changes and needs that may affect your processes.

Don’t let this opportunity to strengthen relations laterally across your organisation slip away. GDPR wasn’t (or isn’t) solely an IT issue, it encompasses all aspects of your company to ensure consumer privacy requirements are met.


Adapting to the new realities of data protection requires modern solutions. Employing data scientists and integrating data retention strategies throughout your organisation are good first steps.

Cloud Storage CCPA

With most modern cloud services aware of the paradigm shifts towards data protection, a lot are now designed with regulation in mind. This can take a lot of the headache out of compliance worries for companies that may not be certain of their own architecture.

Mobile device management (MDM) platforms can also help mitigate issues with information sharing across departments. This allows employees to carry out their jobs with added protection for compliance.

CRM’s are your best friend

Ensuring you follow the stringent regulations laid out by the Californian government is of utmost importance. What CRM’s have gotten really good at is adapting to the introduction of GDPR and integrating features that ensure compliance.

If you haven’t already, now might be the right time to migrate your data to a reputable CRM.

Proper consent

Under GDPR companies are required to provide opt-in options for marketing preferences, however, CCPA requires that you give customers the option to opt-out.

Under GDPR, consumers need to take action to opt-in, as opposed to opting out when it comes to their data being used for secondary purposes, so pre-filled checkboxes about receiving marketing offers from partner companies are no longer the norm in Europe.

Under CCPA, it is only required that the consumer is given the option to control their marketing preferences.

Our advice? Stay ahead of the curve and implement GDPR consent processes in data capture. Adopting one global strategy for data collection will simplify efforts going forward.

There are also a number of CRM’s that offer an intuitive way for customers to change or withdraw their consent after it's been given.

Subscription management

Use changes in the law as a means to keep your email database clean and up-to-date. Ensure email communications include options to unsubscribe or manage subscriptions and allow your customer to determine if they would like to carry on receiving content from you.

Data management features

A CRM with the right data management features can save you a lot of time in the long run. If an individual asks for access to their data you need to have the means to export it when they ask.

Having a CRM that allows you to export data in a .CSV file will mean its accessible to anyone who requests it.

Key Takeaways

The overriding theme of our learnings from GDPR is to give control of your customer’s data back to your customer!

Seeing your database shrink may be painful, but ultimately, sending communications to those who want to receive them will be more valuable to your brand in the long term.

We hope these lessons, learned from GDPR help you over in sunny California to cope with the introduction of CCPA regulations.

If you’re interested in learning more about how GDPR impacted smaller businesses then check out our ‘Why GDPR training is a big deal for small businesses’.

Take the first step towards valuable data

With our Data Capture app and Data services team on offer we provide all the tools necessary to unlock the value in your customer data

Get in touch

Stay up to date with Gather