CCPA is the New GDPR

March 2, 2020

CCPA took effect on January 1, with penalties for non-compliance kicking on July 1.

The California Consumer Privacy Act took effect on January 1, with stiff penalties for non-compliance kicking on July 1.

Similar to the European Union’s General Data Protection Regulation, in effect since 2018, the new California Consumer Privacy Act regulates how the data of California residents is collected, protected and used by for-profit entities. Other states have data privacy bills in effect or pending, but California’s is the most comprehensive.CCPA applies to for-profit entities that have more than $25 million in revenue, possess the personal data of at least 50,000 customers (globally) or derive more than half of their revenue from selling data. CCPA became effective January 1, 2020, enforcement starts July 1, 2020, with fines up to $7500 per occurrence for non-compliance.

“Given the many touchpoints where personal information is collected and exchanged when it comes to planning and marketing meetings and events—from collecting emails during registration to the check-in process onsite, and requesting feedback—planners who are using event management technology that is not compliant run the risk of violating CCPA regulations,” said Patrick Smith, CMO, Cvent.

How It Works

To be CCPA-compliant, a company must know what data it collects, how and where it uses that data, with whom it shares that data and for what purposes. The complexity of the meetings & events business makes this task particularly challenging, said Dr. Anke Assmus, director of privacy, Global M&E, BCD Meetings & Events. “Almost every transaction involves many players, including individual attendees, meeting planners, destination management companies, online registration tool providers, payment solution providers, badging companies and suppliers such as airlines and hotels. Therefore it is crucial to have an exhaustive data mapping in place.”

As a global agency compliant with GDPR, BCD already had processes in place to address most CCPA requirements, but the company needed to update its privacy policy and data privacy agreements to meet additional requirements of the CCPA. “We also updated our privacy training to prepare our staff,” she said.

Assmus’s advice to planners is to make sure their companies “tackle every facet of the regulation to avoid hefty fees and damage to your brand.”

CCPA might look like a challenge for planners, but it also represents an opportunity, said Smith. “With the right regulation-compliant technology and mindset, meeting and event planners can position themselves as trusted partners to their clients and attendees, while championing the protection of personal customer information.”