The California Consumer Privacy Act (CCPA) is set to take effect in less than a month. While you are taking action to become compliant with the law, the buck doesn’t stop there. As the fine print on CCPA is still being ironed out, and other states are gradually following suit with their own CCPA lookalikes, it’s important that companies not only take the steps to become compliant, but make sure they’re performing the critical steps to remain compliant with CCPA, GDPR, and all regulations applicable to your company.
As your website and app are the first—and sometimes only—visibility customers have into your company, they are your most important asset. And since CCPA compliance will vary for each company based on a number of factors, here are a few critical steps you can take to ensure your company continues to remain compliant:
1. Have a Privacy Law Expert On Hand (Or Become the Expert)
As compliance laws continue to emerge and evolve, you need to know how those regulations are implemented in the various countries and states where you conduct business. Even with a data privacy expert on hand, as a mediator between the business and those implementing the tools to compliance (the developers), it will be beneficial for you to have someone on staff focused on the latest updates and changes to compliance laws.
Additionally, understand if your company has advertising partners, which partners you’re integrated with and how, whether you share data with them and the platforms you use to exchange information, and their function within your site or app. These may play a role in maintaining compliance, depending on the law and region.
2. Befriend Your Web and App Developers
As LiveRamp’s former privacy counsel Lubna Shirazi points out, compliance can’t be done in a vacuum. Work closely with your web and app developers on this compliance journey. Involving them in the process early will ensure you both are on the same page.
Introduce your web developer to the technical process when changing how data is aggregated and stored, especially if a new compliance platform needs to be implemented. Invite them to participate when vetting new tools like a consent management platform (CMP), as they’ll be working most closely with the technology. They’ll want to understand how it fits with the rest of your technology stack. Have frequent check-ins—even after the compliance tool is set up—to ensure any necessary adjustments can be made in a timely manner.
3. Ensure Your Compliance Tools Are Up-to-Date
Once you’ve chosen your CMP and worked with your developers to implement it, you’ve taken the first step towards compliance. To ensure you’re adhering to your compliance plan, consider the roles and responsibilities for maintenance and updates, including who will ensure that any changes rolled out on your site or app are also reflected in the CMP. Know who will be the point person for bringing new rules and regulations to your compliance task force, etc. Also, be sure to run periodic checks to ensure all third-party resources associated with your site or app are compliant.
Compliance is an ongoing process, not a one-click activity. No solution for compliance can replace the understanding and clarity you’ll receive when you have an internal team invested in staying up-to-date with regulations. Data privacy compliance is an ongoing journey not a destination.