Introduction
Consumer data privacy laws have officially arrived in the U.S. In fact, Gartner believes that “by 2024, over 75% of the world’s population will have its personal information covered under modern privacy regulations.” They have significant implications for organizations that leverage consumer data for marketing, advertising, monetization, and other use cases. Companies that embrace a modern data privacy approach will be ahead of the curve. This is particularly true when it comes to ensuring compliance with current regulations while remaining versatile enough to adapt to new related laws in the coming years.
Background
In 2016, the European Union replaced its Data Protection Directive (passed in 1995) with the General Data Protection Regulation (GDPR). This was done to address the data usage, risks, and considerations that came with the proliferation of the internet. By the end of 2023, five U.S states (California, Virginia, Colorado, Connecticut, and Utah) will have amended and/or enacted new data privacy laws that mirror many elements of the GDPR. Generally, these laws afford users the rights to access, port, correct, and delete their personal data. Additionally, also obligate organizations to which they apply (based on qualifications) to provide clear mechanisms for consent and data subject rights (DSR) request fulfillment.
Why is data privacy such an important topic for companies today, you may be wondering? Avoiding fines from violations by adhering to newly instituted regulations, is one reason. According to a study released by Ketch and MAGNA, brands can experience a 23% increase in purchase intent with responsible data practices. Moreover, FTI consulting published a report that showed there is expected 9% decrease in global annual revenue for companies that experience a data privacy crisis even. In essence, a dedicated and updated data privacy program will influence critical business performance metrics.
Implications
Companies should not wait to refine and operationalize privacy policies that address modern regulations. Marketing leaders should consider partnering with their Privacy, Legal, IT, and/or Data Engineering counterparts to ensure their data is usable and to avoid financial repercussions.
To mitigate the risks of disrupting your data-driven marketing initiatives due to non-compliance, Transparent recommends a four step approach to modernizing your data privacy program:
- Evaluate: Review compliance program maturity, identify gaps, and formulate strategies
- Policies likely do not reflect the nuances of new laws, including the documentation required for formal data protection impact assessments
- Gaps are likely to exist not only in the confines of your business, but with your external partners who process your data as well
- Reform: Implement changes to close identified compliance gaps
- Consent-management and data subject rights fulfillment processes need to be designed for effectiveness and efficiency
- Programmatic privacy tools and enablers require resources for configuration and design of the user-experience
- Validate: Ensure compliance changes are solidified and operational
- All impacted stakeholders should be made aware of the new privacy policies
- Execute these privacy procedures regularly
- Conduct compliant measurement regularly in order to monitor adoption, performance and return on investment
- Regulate: Finalize compliance measures in preparation for audits
- Dedicated resources are needed to facilitate internal and partner processing procedures for audits by regulators
- Privacy compliance audits require specific documentation
To learn more details around the new and impending U.S. state regulations and the steps needed to ensure compliance:
- Watch the ‘Consumer Data Privacy: 2023 Privacy Laws and Implications’ Webinar
- Reach out to danny.mattis@transparent.partners or info@transparent.partners.
Danny Mattis, Director, Data & Analytics
