The Impact of GDPR and CCPA

illustration of padlock

Net Conversion works with platform partners like Google and Facebook that stay ahead of the compliance curve. Most already operate under restricted data processing thanks to GDPR, and those functions not in compliance will automatically be updated on their end to fit CCPA (ex. some users won’t be able to be included in remarketing lists). As for Net Conversion, we never store Personally Identifiable Information.  As businesses, we all will be impacted regarding audience size/tracking ability, but within CCPA compliant platforms, we should be covered.

Impact on Marketing

Although the CCPA borrows from the GDPR, it does not copy it.

  • The CCPA is largely not applicable for nonprofit organizations
  • The CCPA contains a broad exclusion for certain medical information protected under federal laws
  • There is no mention of privacy by design or data protection impact assessments
  • It skips the requirement to establish a lawful basis for processing
  • Requires only a limited opt-out for adults for the sale of personal information, instead of the opt-in consent of GDPR (source)

GDPR and CCPA are prompting digital marketers to:

  • Update back-end systems
  • Review privacy statements
  • Update third party contracts
  • Audit contact lists 
  • Audit partners 
  • Confirm subscribers (source)

See eMarketer article and report for more details.


Potential Future Impact

  • Regional data privacy laws are increasing legislative focus on digital privacy and control
  • US states such as Nevada and Maine are already considering similar regulations
  • More states are likely to follow eventually, with a federal law not far behind
  • A major benefit to compliance becoming standard would be an increase in consumers’ trust in marketing

Net Con Data Privacy and Security Policies

Some of the privacy and security measures we have implemented include:

  • Handle only aggregated data sets or anonymized personally identifiable information (PII) via encrypted and secured client files
  • Purge files containing PII from our servers and cloud storage systems once they have been received by an advertising partner
  • Audit partners and vendors for compliance with data privacy regulations
  • Use the latest two-factor authentication tools to protect internal files containing PII
  • Ability to add custom encryption to client content hosted in our analytics tool
  • Update and train our analysts on security policies and procedures
  • Made available our Privacy Policy and Client Data Handling Policy on our site
  • Added consent form for new visitors to the site and subscribers to the company newsletter

Potential Impact on Data Collection Practices

  • As browsers continue to roll-out more privacy settings, our tracking and audience usage is likely to become less reliable
  • To minimize the impact, we plan to use platforms that offer alternatives to cookies, such as email match, to tie a user’s ad click to a conversion
  • We will rely more on ad platforms that are able to determine user-to-purchase connection through common sign-ons, such as Google or Facebook
  • We will continue to use platforms where we see performance. Often, that means ability to track; without it, we are less able to properly optimize campaigns or prove impact
  • As cookie-reliant technology is phased out, we expect to see new and similarly effective tools to emerge. We will keep you updated on the progress and impact of all such tools as they become available



Turning Strategies Into “Always On” Tactics.

Work With Us


Want to be one of the businesses featured in our blog?




We’re always looking for new partners who want to work with marketing and analytics experts relentlessly dedicated to improving your ROI and business intelligence. Let’s talk more about how we can help your brand.