Challenge and Opportunity: Data Privacy 101 for SMBs

Here’s what GDPR, CCPA, and other, potentially forthcoming laws, might mean for your SMB, as well as how you can prepare.

Noah Kravitz

March 9, 2020 4 min read

Your small or medium-sized business (SMB) may be nervous about new data privacy laws. After all, you might not have the resources to spin up a data privacy team to focus on compliance or credibility to face a worst-case scenario of a big fine or data breach.

But the increased focus on data protection is an opportunity to build greater trust with your customers.

Here’s what Europe’s General Data Protection Regulation law (GDPR), California Consumer Privacy Act (CCPA), and other, potentially forthcoming laws, might mean for your SMB, as well as how you can prepare.

State laws enacted and what that means in the United States

If you live or do business in California, you may have noticed an uptick in those “Our Site Uses Cookies” notifications while browsing the web this year. That’s because the CCPA took effect on January 1, 2020. While CCPA first became law in 2018, additional amendments to the Act passed in October 2019, and those amendments became law this year.

United States-based SMBs with web presences in Europe must also comply with GDPR, though SMBs with fewer than 250 employees may get a pass.

California is no stranger to leading the consumer protection charge, and many believe they’re doing it again with data privacy. Maine and Nevada have already followed suit in passing privacy laws, as has New York state with its SHIELD Act.

And while headlines about multi-million dollar GDPR fines in Europe are enough to make SMB owners in the U.S. nervous, it’s worth noting that California’s CCPA, at least, is most interested in going after the biggest offenders. CCPA is focused on businesses with revenues over $25 million and/or significant business activity involving large amounts of California residents’ data.

Data privacy as a competitive advantage

Preparing for the coming laws isn’t the only reason to get your small business’ data privacy act together. Building your reputation as a consumer privacy advocate can be a competitive advantage. Apple’s “Privacy on iPhone” ad campaign is a prime example.

Trust builds customer relationships. Data from our October 2019 survey leaves no doubt as to how vital that trust is:

92% of customers said their trust in a company makes them more likely to buy their products and services
95% of customers said their trust in a company makes them likely to be more loyal to that company
93% of customers said their trust in a company makes it more likely to recommend it and continue to purchase its products and services

The trust that began with consumers’ belief in your products and services now extends to their faith you won’t sell or otherwise use their personal information without consent. Your SMB may need to invest time and resources to comply with state and federal data privacy laws. Still, you can leverage that investment to build stronger relationships with more customers.

Taking steps towards data privacy

So what’s a small business to do about consumer data privacy? This short checklist will get you started:

For starters, if you’re doing business (or just collecting consumer information) in California or the European Union, make sure you comply with all laws.

Even if you’re not working in a market governed by data privacy laws, building customer trust is good for business. Consider the opportunity to differentiate yourself by “complying” ahead of time.

Post a privacy policy if you haven’t already. A privacy policy lets your customers know how you plan to collect, use, and protect their data. Your attorney can help you meet legal and regulatory requirements, even if you’re not yet under the jurisdiction of CCPA or other new data protection acts.

From there, it’s all about transparency and security. Be clear with customers about the data you collect, why and how, and what you plan to do with it. Make it easy for them to opt-in and opt-out of data collection.

Make sure whatever data you do collect is kept secure. Data security is a big topic, but it’s pretty easy to get started. The best practices outlined in 4 Best Practices to Ensure Data Security and How to Protect Your Small Business From a Cyberattack will get your business headed in the right direction.

We help you find more customers, win their business, and keep them happy so you can grow faster than ever. Learn more about our small business CRM solutions by following us on Twitter, LinkedIn, and Instagram.

Illustration of two humans on their phones, engaging in the contact center experience. Between and around them are illustrations of text bubbles, messages, search bars, emoticons, and robots/chatbots.

How to Provide a Great Contact Center Experience — Every Time

6 min read

Male employee in a flower shop, wearing a pink stress shirt and an apron, takes a photo of some flowers in his store / digital marketing for small business

Digital Marketing for Small Business: Here’s How You Can Do It

14 min read

Noah Kravitz Writer, SMB Marketing

Noah Kravitz is a writer and technologist working with the SMB Marketing team at Salesforce. A former journalist, he also hosts a podcast on Artificial Intelligence and is researching virtual reality-based wellness therapies.

More by Noah