Home CCPA for Marketers: What You Really Need to Know

CCPA for Marketers: What You Really Need to Know

California Consumer Privacy Act (CCPA) has put restrictions and conditions on how organizations can store, process, and share consumer data in California. The privacy act has given broad rights to the consumers over their data that organizations hold. Here is CCPA for marketers and what you really need to know about it.

The CCPS allows consumers to have complete transparency and control over all types of personal data. These regulations have been especially difficult for marketing and advertising companies. Especially those businesses that rely on sharing and processing consumer information to develop an efficient marketing plan that will reach the right people.

With all these regulations in place, it begs the question. How will marketing organizations prepare marketing plans without having full control over their customers’ information?

How does CCPA impact marketers?

Whether an organization collects its consumers’ information through social media or other means such as an email survey, CCPA requires them to disclose what information is being collected and how it will be used. This requirement is known as ‘right to be informed’ under the CCPA.

CCPA gives broad rights to consumers on how businesses collect and process their data. Upon request by a consumer, a business that collects and processes data on California residents must disclose:

  • What it collects.
  • Where it collects.
  • Why it collects.
  • Whom it shared with.

CCPA gives consumers the right to opt-out of having information being sold to third-parties.

For companies that earn revenue through selling data, it will be a struggle to work around this restriction, potentially putting a dent in revenues.

CCPA has also had a substantial impact on digital advertising.

The impact on digital advertising happens because digital advertising works on the transfer of consumer data from a data broker to the advertiser. The ad-serving platform has many other layers of supported systems in between broker and advertiser — often a third-party business.

If an organization is required to comply with the CCPA, it cannot transfer this data without the consumers’ consent.

So far, it seems like the CCPA is only having a negative impact on the marketing sector as it is restricting marketers from virtually doing anything as most of their operations rely on the sharing of data.

What Marketers Need to Do to Comply?

Trying to comply with the CCPA can be difficult for the marketing sector. The process is not just a matter of applying the same rules throughout the organization in hopes of complying with the CCPA rules. Instead, there have to be different goals set at each level to ensure that compliance can be met efficiently.

At the highest level, marketers need to make it their personal responsibility to understand how personal data at their company has been used to message and serve customers. They also need to ensure their team has a clear understanding and has proper training on the law and compliance processes. Lastly, they need to make sure that these responsibilities delegate within the organization as soon as possible.

On the next level of following CCPA rules, clarify the following roles:

  • Dedicate an individual who has the responsibility of reviewing proposed regulations to understand how it impacts your business.
  • Dedicating a person who is responsible for mapping personal data and gathering notices across all internal and external systems.
  • Making sure these notices are presented to customers via the privacy policy page and “do not sell my info” links placed on the website homepages.
  • Managing and carrying out online and offline consumer rights requests.
  • Train request handlers or assist consumers in exercising their rights under CCPA.

Finally, within your marketing team, make sure if you’re providing discounts that could be perceived as an exchange for personal information, calculate the monetary value, and communicate that information in your privacy policy.

You also need to understand how the CRM and marketing systems will send messages and whether these messages comply. Finally, connect with service providers and legal teams working on vendor contracts to ensure consistency when handling the rights requests you receive.

CCPA Compliance Checklist for Marketers

To comply with the CCPA, organizations have to incorporate all the following points to wholly and efficiently comply. See how many of the following points have you checked out:

  • Update Privacy Policies

Although companies follow the strictest standards when drafting privacy policies, they need to make sure that their policies are compliant with the CCPA.

  • Create Methods of Accessibility

Establish a means for the customer to easily request data access and data deletion. This could be at minimum a toll-free number

  • Verification System

People that can verify their identification can access their information held by organizations. Verification systems will be a part of the CCPA compliance regulations

  • Data Governance

Prepare records, data maps and inventories of Californian’s personal data to fulfill any requests in an efficient and timely manner

  • Opt-Out Button

Adding in an opt-out button will help you stay compliant without the added hassle of manually updating that customer.

  • Obtain Consent from Minors

Minors under the age of 16 will not automatically consent under CCPA. Organizations need to develop a process by which they can obtain direct consent from those aged 13-16 years, or parents consent from minors under 13 years.


The CCPA has really made operations for the marketing sector, but these barriers bring with it opportunities as well. Organizations need to make sure that the regulations are enforced within all levels of the organization to make sure that compliance is easily achievable.

Regulations that are easily enforced means that there needs to be a proper level of training, responsibility, and tracking. As well as proper records to stay ahead of the CCPA and other global privacy regulations.

Organizations might find tracking and enforcing an added task. But in the long term, these regulations are going to be beneficial for both consumers and organizations alike. Doing the right thing is only a matter of adapting.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Anas Baig
Product Lead

With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley based company - Securiti. He holds a degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.