If you’re marketing to a variety of online audiences, you’ve probably heard the term GDPR by now. But what is GDPR?  What’s CCPA?  And how do they impact you and your digital marketing team? Digital compliance is something that often gets overlooked. But it shouldn’t. Fines and penalties, while rare, could put you out of business if regulators decide to make an example out of you. To help you understand your GDPR and CCPA compliance requirements, I got together with Robert Freund, an experienced advertising attorney.  It’s his job to help you avoid business mishaps. And he shared some helpful insights about which data privacy laws apply to you, how to update your marketing, and when this all went into effect. What is GDPR?  GDPR was created by the EU to protect consumer privacy rights.  It is intended to help consumers understand: What personal information businesses are collectingHow their information is usedHow to opt-out of data collection If you have your own website, in order to be compliant, you may need to update your privacy policy. And if you have a separate social media policy, you may need to update that as well. “It’s about updating your privacy policy...putting information about how you are using data and what you are collecting in front of the consumer,” said Robert. This includes creating a cookie pop-up to let consumers opt-out of data collection if they choose.  But, why does this matter to US companies?  If you are a US business with EU customers -- or it’s even remotely possible that someone from Europe may find their way to your website -- you should be following GDPR rules when it comes to data privacy and disclosure. “Even if you aren’t physically in Europe, the way the rule is written, it still applies to you,” said Robert.  What is CCPA? The California Consumer Privacy Act is California’s version of the GDPR, which went into effect on January 1st, 2020.  You will be subject to the CCPA if you collect data from California residents and: Exceed $25 million in gross annual revenue... OR ...obtain personal information from 50,000 or more California residents per year... OR  ...50% or more of your annual revenue comes from selling the personal information of California residents.  “If you’re a small business that’s not located in California, you still have to figure out if California residents are visiting your website,” Robert clarified. If so, you are subject to the law and should be doing everything in your power to meet CCPA compliance requirements. 6 best practices for complying with CCPA privacy laws Remember, you should be consulting with a professional attorney in your jurisdiction to ensure you are doing the following things correctly. This is not legal advice. But getting compliant may include these steps: Updating your privacy policyUpdating your website policyAuditing what data you are collecting (and how)Having a plan in case of a data breachGiving consumers a very clear opt-out optionHaving disclosure guidelines in your social media agreements “If somebody connected or employed by your brand is going to be talking about it online,