37. Data Privacy, GDPR, CCPA, OH MY!

Not sure about your responsibilities as a website owner when it comes to data privacy? Confused by all the acronyms and how to comply? In this mini-episode we’re covering the two main privacy laws and how they apply to you. 

Note: I am not a privacy professional or a lawyer and this is purely informational, not legal advice. It’s important for you to do your own research, due diligence, and hire a professional to support you.

What You’ll Learn: 

  • How to know if you’re required to comply
  • Why you should be paying attention even if you’re not required to comply right now

Episodes Mentioned

Episode 36: How To Charge Sales Tax for Your eCommerce Business 

Additional Resources

GDPR for US Based Companies

CCPA – California Consumer Privacy Act

Writing a Privacy Policy for Your Small Business

Writing a GDPR Compliant Privacy Notice

International Association of Privacy Professionals

Want More Badassery?

Join the eCommerce Badassery Facebook Group and connect with other eCommerce entrepreneurs just like you! 

Let’s connect on Instagram @ecommercebadassery

Ready to Level Up Your Email Marketing & eCommerce Business?

Try the Klaviyo Email Marketing Platform – Built specifically for eCommerce, serving entrepreneurs, and iconic brands.

Work With Me – Interested in getting my brain focused on YOUR business? Book your free clarity call and let’s see how I can help get you to the next level! 

Rate, Review, & Subscribe

Like what you heard? I’d be forever grateful if you’d rate, review and subscribe to the show! Not only does it help your fellow eCommerce entrepreneurs find the eCommerce Badassery podcast; it’s also valuable feedback for me to continue bringing you the content you want to hear. 


Read the Full Episode Transcript

This week, my goal is to make sure this important topic is on your radar. I’m not a privacy professional, and I don’t have all the answers.

Truth be told, the extent of my experience implementing the requirements is limited to gathering all the necessary information for a privacy professional and a legal team to craft the necessary documents. 

But, I have noticed there isn’t a lot of conversation around this, so I want to make sure everyone knows it’s a thing. While you may not be required to comply today, based on the size of your business, it’s still something you need to keep your eye on. The more digital our world becomes, the more rules and regulations that will keep popping up. 

So what does that mean?

This episode is here to bring this topic to light and encourage you to do your own research and due diligence. If you have already done your own research, you know where you stand and you are keeping up with all the changes, awesome — I’ll see you in the next episode. 

If you have no idea what I’m talking about or haven’t given this a second thought, keep listening.

10 things your privacy policy should include 

You should already know that you need to have a privacy policy on your website. This privacy policy tells your website visitors: 

  1. What information you collect about them
  2. How it’s collected
  3. Why it’s collected
  4. How the information is used
  5. Who will have access to it
  6. How the website visitor can opt-out of having this information collected about them
  7. How they can review or update the information
  8. What measures you’re taking to protect that information
  9. The effective date of the policy
  10. Who to contact about the policy

New laws are coming into effect and the standard is changing 

For a long time, that was the standard, but… in the last few years, two big laws went into effect that took things to the next level. First was GDPR in the EU, and then CCPA in California. 

Side note: in our most recent election, there was a ballot measure to expand the privacy laws in California called the CCPR, which did pass. This is on top of the CCPA laws. I don’t know many details about it, but know that more requirements are coming. 

While these two look and sound similar to each other there are some differences between them. Just because you’re compliant with one, doesn’t necessarily mean that you’re compliant with the other. And of course, which ones you have to comply with depend on where your customers are and other thresholds for who is responsible to comply. 

Compliance depends on where your customers are, not where you are

Just because you don’t live in the EU, doesn’t mean you don’t have to comply with GDPR. If you sell to customers there, you do. The same is true for CCPA in California. 

Just like the requirements for collecting sales tax that I talked about in last week’s episode, there are thresholds for who is required to comply with the CCPA. 

3 conditions for complying with the CCPA 

If you meet at least one of the three conditions, you are required to comply. They are: 

  1. You have annual gross revenues of 25 million, or
  2. Buy, receive, sell or share personal information for commercial purposes of 50,000 or more consumers, households or devices annually, or 
  3. Receive half or more of annual revenues from selling consumers’ personal information

Now, it’s unlikely if you’re listening to the podcast that you’re doing 25 million a year in revenue. If you are, ahhhmazing, please message me so I can bring you on as a guest to the show. And as an eCommerce business it’s not likely you’re receiving more than half of your annual revenue from selling information. 

But requirement #2 — 50,000 consumers, households, or devices — that device piece is what gets tricky. A device is defined as any physical object that can connect to the internet. So that can be a desktop computer, a laptop, or a cell phone — all of which would count as a separate device.

But then again, CCPA only protects California residents. 

With all that said, it’s likely that you’re not technically required to comply. 

GDPR is based on intent, not threshold 

With GDPR, compliance doesn’t have a threshold. It’s based on intent. Because GDPR protects consumers located in the EU, everyone who offers goods and services to data subjects in the EU, whether or not it’s connected to a payment, is required to comply.

Are you likely to get fined for not complying? 

Now, as a small business doing a few hundred thousand, or a few million dollars a year, are you likely to be prosecuted and fined for not complying? No, probably not. Enforcement is happening with big tech giants like Facebook, Google, and WhatsApp. 

So why are we talking about this? 

Because the rules and regulations of data privacy are changing rapidly, and they will continue to do so as more and more businesses move online. So far, the rules being implemented in the U.S. are at the state level, but it’s possible that will change. Ultimately, I want you to be aware and as prepared as possible. 

Consumers are becoming more and more aware of their privacy on the internet. More and more breaches from the big guys mean consumers are becoming more wary. And knowing that you give a shit about them, their data and their privacy is just one way you can instill confidence with your consumers and set your business up for future success. 

So what should you do today? 

First thing, do your own research because I’m not a privacy professional (had to get that disclaimer in there!)

Secondly, make sure you have a solid privacy policy in place at a minimum. 

Get a consultation with a privacy professional who can help you figure out when and if you might need to be compliant. The IAPP, the International Association of Privacy Professionals is a non-profit organization that helps define, promote, and improve the privacy profession globally. 

Stay in the know. Just like states enacted new laws to recoup lost sales tax with the rise of online sales, it’s likely that they may pop up with their own privacy rules. Sooner rather than later it may even reach a federal level. 


This post may contain affiliate links. If you make a purchase with one of my affiliate links I may earn a small commission at no extra cost to you!

Hey, I’m Jessica!

eCommerce + email Marketing Strategist

I support scrappy female entrepreneurs with actionable steps & strategies to grow and scale the traffic, sales & profit in their eCommerce businesses. Learning from the top experts in the digital marketing & eCommerce industry, I love working with female entrepreneurs and teaching the secrets of 7-figure eCommerce businesses.
