The only event management platform you need for all your meetings and events
Keep up with the latest events news, topics and industry insights
Get the latest whitepapers, ebooks & videos on corporate events management
Helpful answers from the Attendease team
November 22, 2019
It doesn’t seem long ago when marketers were scrambling all over the place trying to learn how to be compliant to one of the most significant privacy and compliance changes in the past twenty years. If you are thinking GDPR, you are right. We all made it , after a lot of studying, consulting with lawyers, updating our websites, and changing how we collect data and how we communicate with our contacts. And just when we got comfortable again, CCPA comes in. Let the games begin once again!
In today’s article, I will cover the main differences between GDPR and CCPA, and what you need to know to be compliant by the deadline of January 1st 2020. More importantly, we will discuss specifics of GDPR and CCPA for the events industry.
The California Consumer Privacy Act (CCPA) ushers in stricter data privacy protections for California residents. That means consumers will have the right to see all the information a company has saved on them, as well as a list of the third-party tools that gained access to that information. In addition, they can request to have their data deleted at any time.
In order to be affected by the CCPA you must meet at least one of the following criteria:
Any California resident within the government’s jurisdiction is protected by CCPA’s regulations. That means anytime a business interacts with a resident of California, regardless of where the business is located, they must comply with the CCPA regulations. Here are some of the rights consumers will have under the CCPA:
While GDPR had a more intense approach by requiring consumers to opt-in before collecting data, CCPA has a less strict approach, in which businesses may collect data, but offering the option to unsubscribe at any time.
If you will sell or transfer consumer data, you must give consumers a notice before doing so under the CCPA. Under GDPR, you also need explicit consent before the data transfer occurs.
While all industries doing business in California will be impacted by the CCPA, here are some things to consider when collecting data from events:
If third-party software is being used to collect data, such as a registration platform or a check-in tool, you should take some additional measures. It’s a good idea to keep your data organized so that if you are asked to produce information, you can do so readily, and to make sure any vendor you are working with is capable of doing the same.
Working with tech providers who have a solid data protection policy in place, like Attendease, can alleviate some of the steps to keep you compliant. Once your event is over, if you wish to use the data collected for a purpose different from what was stated to the consumer, make sure to send a clear notification to communicate how the data will be used and how they are able to opt-out from it.
As consumers have a stronger than ever digital footprint, there is a growing concern on how to keep personal information safe and to give more power to consumers on how and when they would like to be contacted by organizations. GDPR was the first big step in this direction, but there are other regulations in different geo-locations, such as the CASL in Canada and now the CCPA in California.
What this teaches us is that organizations have a big responsibility on how they use and manage personal information, and that should be handled with transparency and care. Once we accept this new reality and start to change our processes and guidelines, it becomes increasingly easier to adapt to new policies that will continue to come up.
CCPA is the first large policy change in the United States, but other states may come up right after with their own policies. The best way to handle it without going crazy? Have a solid process and strategy that is inclusive of all locations, and not only for the areas being affected. Instead of “not worrying” about GDPR because you don’t do business in the EU, start thinking about implementing change across the board in order to provide a transparent guideline to your contacts. If you can comply to GDPR and CCPA, chances are you will be compliant to most other regulations current in place or new regulations that we may se come up in the near future. The consequences of not following the data privacy regulations are costly, so keep your eyes open to new policies that may appear and make sure to always consult with a lawyer for legal advice.
Want an easy way to compare the differences between GDPR and CCPA? Loginradius put on a visual infographic showing the main differences. LoginRadius is a leading cloud-based customer identity and access management (CIAM) solution securing more than one billion user identities worldwide. The LoginRadius Identity Platform empowers business and government organizations to securely manage customer identities, deliver a unified digital experience, and comply with all major privacy regulations such as the GDPR.
For more information and updates on CCPA, check the California Consumer Privacy Act website.
Stay up to date with the latest event management tips and news.
January 21, 2021
January 12, 2021
January 5, 2021