Data Privacy Laws for Small Businesses


Data privacy legislation has become increasingly popular, especially over the past five years, and we can expect a growing number of new laws on the way. In this blog post, we’re recapping the legislation that’s already out there and sharing recommendations on what small businesses need to know about data privacy laws.

While legislation typically lags far behind the pace at which technology advances, it’s both a cost-effective and ethical practice to stay ahead of new legislation. It’s never a bad thing to avoid scrambling and protect your customers. When you’re transparent about what your business is doing and why, it also builds trust and loyalty with your customers.

Without further ado, we’ll jump into current data privacy laws.

Data Privacy Laws and Trends

GDPR & California Consumer Privacy Act
GDPR legislation went into effect in 2017-2018, affecting any business that has customers in the EU. GDPR basically gives customers more control over their data, including the option to request a copy of personal data and legal backing to ask companies to erase their historical data. GDPR legislation is extensive, so we recommend doing research to best serve your EU customers.
If your business operates in the United States and you exclusively have customers or clients in the US, GDPR won’t directly apply to you. But the California Consumer Privacy Act (CCPA) might. Similar to GDPR, the CCPA gives new protections to consumers. California is well-known for being a progressive state, and similar legislation should be expected to roll out in other states as well.
CAN-SPAM Act
This may be the most well-known legislation around data privacy in the U.S., since it’s been around the longest and most people are familiar with email marketing. Under the CAN-SPAM Act, there are specific must-haves when it comes to email marketing: clear opt-ins to receive email marketing, an easy option to unsubscribe, and a physical address included in email marketing. The full CAN-SPAM Act can be accessed under “Further Reading” below.
Recent Privacy Trends in the U.S.
Most recently, Apple rolled out iOS 14.5, which includes a new feature called “App Tracking Transparency” (ATT for short) that prompts users to allow or revoke tracking. The new popup makes opting out of tracking much clearer and more straightforward for consumers. Since Apple owns 65% of the U.S. smartphone market as of Q4 2020, data resellers (like Facebook) are understandably concerned about how this will impact their business model. Specifically with regard to advertising on Facebook, with less data to sell, the platform becomes less valuable. We discuss this further in the small business implications section below.
Further Reading on Privacy

What Data Privacy Laws Mean for Small Businesses

After reading about data privacy compliance for the past minute or two, you’re probably thinking either, “Oh no…” or “What does this actually mean for my business?” The good news is that data privacy legislation is typically targeted towards large, multinational companies. Think of the “Amazons” of the world.
That being said, there are some things you can check right away for your small business.
1) Check your tech for built-in compliance.
What tools do you use frequently in your business? Most small businesses are using proven tools that have been around for a while. In that case, the tools you’re using may cover a lot of your bases from a data privacy perspective. For example, Mailchimp’s email marketing software has built-in CAN-SPAM compliance, and Shopify’s website CMS has compliance features for CCPA. If you’re not sure about the specific tool you’re using, check its website FAQs!
2) Evaluate your advertising.
If you’ve ever marketed your business on Instagram or Facebook, it may be time to re-evaluate. If these channels are still working for you, keep going! However, if you’re noticing a large drop-off in conversion using Instagram or Facebook, try something new.
Advertising on Facebook and Instagram is centered around consumers’ interests, which Facebook collects by tracking user activity across the web and other apps. Now that consumers have the option to opt out of that level of tracking, Facebook will have less accurate information about consumer interests. This is good for consumers, and bad for advertisers on Facebook.
But the good news is that as a business, you can choose where you spend your advertising dollars.
When Facebook and Instagram advertising no longer gets you the conversion you’re hoping for, you can change where you spend your money. We always recommend Google Ads to our clients because this type of advertising is based on specific search phrases, or keywords, as opposed to general interests. Another benefit: Google Ads typically have higher conversion rates than Facebook and Instagram ads.
3) Take a close look at your website.
Double (and maybe triple) check your website for data privacy compliance. As a starting point, you want to make sure that you have explicitly clear opt-ins for customers subscribing to newsletters (no pre-checked boxes!) and information about how customer data is used.

What Data Privacy Laws Mean for Consumers

To paraphrase the main takeaway from Kevin Kelly’s book The Inevitable, there’s a tradeoff between the convenience and customization most consumers want and the privacy they expect. In short, you can’t have it all. Consumers need to decide whether their convenience or privacy is more important. The choice is personal and impacts everything from the type of advertising you see online to health advice. As a consumer today, you have more power and options to monitor your personal data than ever before. To start, become aware of which websites or apps you use the most and decide whether you want to share your data there.
