With California’s new privacy and data protection law set to go into effect on January 1, 2020--pending the signature of Governor Gavin Newsom--a report released by California’s Department of Finance has outlined the projected cost to businesses in the state for initial compliance. The total estimate, taking into account the varying levels of compliance required for companies of different sizes, shows an initial outlay of approximately $55 billion, or 1.8% of California’s GDP from 2018, which seems shocking. Of course, the email marketing industry has been preparing for this and other initiatives ever since GDPR came down the pipeline, and Site Impact is no different; the report highlighted the fact that those brands that are already in compliance with the EU regulations will have a much lower cost to compliance, since there’s a great deal of overlap. Let’s dig a little deeper into the report.
Of course, the amount that compliance will cost is going to depend in part on how big a business is--this is pretty much true for any new regulation that comes down the pipeline, in any industry. In the case of CCPA, researchers estimated that firms with fewer than 20 employees might have to pay around $50,000 at the outset to become compliant. However, firms with more than 500 employees would pay an average of $2 million in initial costs. Those brands that do business in the EU in any capacity would have a headstart on compliance, since much of the California law is modeled on GDPR; those companies that decided to block EU-based IP addresses, however, rather than comply are going to find that it’s much harder to buck the CCPA.
The law will--if signed--apply to all businesses in the state that generate annual gross revenue over $25 million; derive at least half of their annual revenue from selling customers’ personal information; or that buy, sell or share personal information from at least 50,000 consumers, households or devices. The last provision of course means that even many brands and companies that don’t have offices or locations in the state will absolutely still be impacted, since it would be difficult for a national business to operate without having a substantial proportion of Californian customers. The report also forwarded the estimate that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation, since businesses only have to meet one of the conditions to be impacted by the law. In other words, for brands that operate on a national level, compliance is going to be expensive, and it’s going to be absolutely necessary--and it’s a good idea to start getting ready for it now, regardless of the lack of signature, since it goes into effect in a few short months.
CCPA is the next major hurdle that email marketing professionals and brands will have to overcome, as governments on all levels respond to consumer concerns about privacy and their data. The law won’t just affect businesses actually in the state of California, so it’s important to move quickly to get into compliance or risk fines and other consequences. Fortunately, those brands that have already gotten into compliance with the EU’s GDPR will have an edge both on the cost expenditure and the effort it takes. Contact Site Impact to hear how we make sure to always remain ahead of the curve when it comes to regulatory compliance.
Counts System
Order Management System
Tracking Platform
