Last updated: GDPR, CCPA, and LGPD: Time for a global consumer data privacy strategy

GDPR, CCPA, and LGPD: Time for a global consumer data privacy strategy


From the first day of kindergarten, my dad always loved asking questions about my day: What did you learn? What made you smile? What made you nervous? And so on. In fact, he’s still asking them; the topics have just shifted from school to work.

During a recent visit, he asked, “What’s happening with all that data privacy stuff?”

Now, my dad is a smart, educated man – as a professional engineer for over 40 years, he’s worked on some technically complex projects – but it’s safe to say “data privacy” is not his specialty. He gets most of that knowledge from newspapers and investor TV. So, I asked: “What do you mean, dad?”

He replied: “The fines. The laws. All the stuff in the news. Are companies getting nervous?”

I replied, “When it comes to consumer data privacy, there’s no rest for the weary business these days.”

Whether because of data breaches, Facebook, Cambridge Analytica, Netflix documentaries, or new regulations, it’s safe to say the current consumer privacy and data protection environment is on the minds of consumers, like my dad.

It’s also safe to say their grasp of the problem is stronger than their faith in the solution. For instance, my dad continued our conversation by saying, “Well, they should be nervous. I don’t trust any of them. I’ve taken a hard look at who I purchase from. I’m too old for these headaches.”

GDPR, CCPA, and LGPD: The next wave of consumer data privacy regulations

The Wild West days of thinking that if you don’t pay for something, then you and your data are the product are ending.

I’m referring to the current wave of regional regulations that are changing how businesses collect, process, sell, and manage customer data.

After the European Union began enforcing the General Data Protection Regulation (GDPR) in May 2018, companies were fined and major digital properties were taken offline.

Now, two new consumer data privacy regulations are nearing enforcement: the California Consumer Privacy Act of 2018 (CCPA) and Brazil’s Lei Geral de Proteção de Dados (General Data Protection Law or LGPD).

While all three laws seek to enforce rules regarding the treatment of personal data by businesses, it’s a mistake to think of them as one-and-the-same.

As the infographic below indicates, each regulation is unique.

GDPR CCPA, and LGPD infographic

When strategies collide: Global data privacy and customer experience

Smart businesses are using these regulations as a springboard to offer real trust-building experiences with consumers. For example, my dad buys medical supplies from an organization that makes it easy for him to log in, understand the terms and conditions, and set his communications preferences. The recommendations they send are relevant and add value, not confusion.

By addressing the common links between LGPD, CCPA, and GDPR, smart businesses are mitigating regulatory risk and offering the trusted, personalized experiences that can win over customers, like the example above.

Starting from a customer’s first interaction with a business – such as an email newsletter subscription – all the way through when they create a full account, leading enterprises are ensuring they state their purpose for collecting data at every point they ask for consent. This addresses key requirements in the regulations and enhances transparency, which helps strengthen customer trust.

Businesses are also ensuring customers have control over their data. This means ensuring customers can exercise their data subject access rights at all times, including the rights to delete their data, freeze data processing, and download their data. Addressing this issue is not a simple process. The solution involves answering some tough questions about the organization’s customer data management, such as:

  • Do we understand where all the personal data for a customer resides?
  • Do we offer them an intuitive portal for managing their own data and exercising their rights?
  • Do we retain relevant and searchable audit logs so we can prove adequate responses to customer requests in any potential audit?

A global challenge requires a holistic solution

Technology solutions are available to help make effective data privacy a reality.

In the face of this data privacy regulatory onslaught, it’s no longer sustainable for organizations to store customer data in silos and address data privacy regulation compliance with a piecemeal strategy.

Instead, the situation demands a holistic, centralized solution to consent and preference data management.

By collecting, storing, and managing all consent and preference data in a single repository, organizations can better:

  • Understand the data being collected from customers in different regions
  • Create specific solutions to address the relevant data privacy regulation requirements
  • Give customers the appropriate level of control over their own data and experiences
  • Respond to customer or auditor requests for data

How to build trust with consumers…like my dad

Companies can do more to protect consumers’ data privacy, and it’s in their best interest to do so. From a business’ point of view, three areas need to be addressed to succeed in this new era:

1. Knowing and understanding your customer to define your CX strategy should remain the first priority.

2. You must continue to build – not break – their trust.

3. Initiatives to address data privacy regulations can serve as an opportunity to advance your customer experience strategy.

Your competition
wants your customers.
Is your brand built to keep them?
Unlock strategies to power your enterprise HERE.

Share this article


Search by Topic beginning with