The California Consumer Privacy Act, which took effect Jan. 1, represents the most far-reaching U.S. law giving consumers rights to know what companies know about them. Here are some tips on how retailers can avoid missteps in complying with this important new legislation.

John Hernandez, CEO, Selligent

John Hernandez, CEO, Selligent

The California Consumer Privacy Act (CCPA) and the issue of privacy has dominated nearly every tech and consumer event since its January 1, 2020, deadline date, especially at the Consumer Electronics Show (CES). Much of the focus has been on how brands can lean on data to drive the future of hyper-personalization consumerism, with part of that conversation revolving around the why.

Why are companies taking it seriously now? And why is a strong privacy-founded approach necessary?

An organization that doesn’t provide consistent communication will confuse customers who will only get frustrated and abandon the brand.

CCPA isn’t the first regulation of its kind. Perhaps the most notable regulation to precede CCPA is the European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018. GDPR taught the industry many initial lessons, and informed the formation of CCPA.

What both regulations have taught us, however, is that the process is comprised of three main parts: reworked data strategies, data transparency and maintaining a consumer-first approach. Both regulations have also taught us the process isn’t going to be smooth. GDPR and CCPA have faced their share of challenges and here I’ll break down the three most common.


1. It’s a moving target

As The Verge article suggests, data compliance lacks definition, making it difficult for organizations to know what they need to do when it comes to capturing and storing consumer data. What is known is that, with CCPA, consumers are more in the driver’s seat than ever before and its impact reaches beyond companies and consumers in California. Since many of the world’s leading tech companies and data brokers are based in the Golden State, the implications of the regulation reach across the globe.

An important place to start is to look at the data structure within the organization, clearly identifying what is being asked of customers compared to what is being captured without their explicit consent. Note CCPA only applies to data stored after December 31, 2018, but that doesn’t mean that data should be left as-is. Important decisions must be made on how much of that information the organization actually needs, what is being captured for the sake of being captured, and how much of the data can realistically be used to benefit the customer. After all, data is primarily activated to improve the customer experience, right?

This is especially important for retailers.  Consumers are expecting highly personalized experiences, but are increasingly wary of sharing personal data. To find the balance between the two won’t be easy and retailers will need to take a hard look at their data strategies to equally prioritize customer experience and protection.
Being specific and pragmatic when it comes to reworking a data strategy will continually make the consumer-first approach attainable.

2. Customers are confused

Organizations of every kind have to communicate data policy changes early and often to drive understanding and build trust. Instead of being reactive to privacy concerns, companies that build consumer trust by being transparent and respectful of customer preferences will prevail.

As CCPA continues to manifest and mature, one of the biggest challenges organizations will face with privacy is the mentality shift from what the brand needs towards what the customer needs.  A large part of this will be rooted in educating customers on their level of control of their data. An organization that doesn’t provide consistent communication will confuse customers who will only get frustrated and abandon the brand.


As we move forward, empowered customers will dictate the success of any brand, and that starts with educating them on how their privacy and personal data is being handled.  Here are some specific tips to help you improve and crystalize your customer communication:

  • Use clear language in your privacy policies and marketing opt-in messages that consumers can understand
  • Add a visible footer link on your website that connects to a marketing opt-out/preference center
  • Create internal structures to handle consumer data inquiries within legal deadlines
  • Define and enforce clear access rights to private consumer data within your organization.

3. Compliance as an organization-wide responsibility

Consumer data has long lived under the umbrella of IT and marketing. Between those two departments alone, collaboration hasn’t always been easy, and ownership and protection of data lives in a somewhat gray area.

The pressure to work together is mounting, however. And it’s not just marketing and IT, it’s customer service, sales, and other departments. Every facet of the business will need to consider privacy and compliance as part of their strategy.
This is perhaps one of the greatest challenges organizations face as we move towards data compliance. Additional regulations—both on the state and federal levels—are bound to come, and understanding the role of each department is key.
The path to seamless collaboration is paved with transparency, communication, developing common goals, organization-wide training of big-picture strategies, and tactical execution that consistently puts consumer experience, data privacy, and trust as a top priority.

An effort worth making

Only time will tell how CCPA, GDPR and other regulations like it will shape the way consumers interact with organizations, and how organizations handle their relationships with customers.

The road ahead is a long one, and twists and turns are inevitable. But an organization that can commit to working as a team, be open and honest with their customers, and hold themselves accountable to consumer-first data practices will weather the journey with the fewest self-imposed bumps in the road.


Becoming a brand that consumers can trust will ultimately drive loyalty, growth, and long-term success.

Selligent provides a business-to-consumer marketing automation platform.