September 2, 2021 | Renita Dabreo

In the time of increased regulatory scrutiny in the realm of B2B marketing and lead generation, data compliance is that much more important. The consequences of breaches and non-compliance are far-reaching and can derail your lead generation efforts and cause huge business losses.

While being compliant is not as complex as it is made out to be, it does require some understanding and effort on your part. Broadly, it requires you to understand the regulations, follow best practices, and work with trusted data vendors.

About the CCPA and What It Means For You

In the US, it is the California Consumer Privacy Act (CCPA) that governs data privacy, mandates disclosures, and spells out consumer rights. It requires you to obtain, store, manage, use, and transfer consumer data safely and securely.

This does not mean that you cannot sell or purchase data. You can – so long as it is not protected data. You can even sell or purchase covered data, so long as you’re transparent and offer an opt-out.

In our previous article (link), we discussed the broad areas that you can work within to stay compliant:

  • Mapping Data Flows, Access, Audit, Sharing, Expunging
  • Sensitizing and educating employees to the new data paradigms
  • Enabling consumers with options to opt out and access their private information

In this primer, we do a deeper dive into each of these areas.

What You Need To Do To Stay Compliant with the CCPA

To simplify things, we’ve broken down compliance steps into four areas. Here’s what you should be doing on each of these…

On the people front:

  • Train your employees
  • Have a person/team monitoring compliance
  • Consult with an experienced lawyer for purposes such as drafting privacy policy, etc.
  • Refresher training for new and existing employees to keep up with changes in the law
  • A clearly defined process for incident management and reporting in the event of data breaches

On the consumer front:

  • Secure user consent via opt-ins
  • Offer opt-outs
  • Disclose your information collection categories, process, and purpose
  • Have a clear plan in place in case data breach occurs
  • Ensure that you inform both the consumers and the regulatory authorities

On the data front:

  • Inventory your data and map its flow
  • Review and audit your data collection sources and processes
  • Expunge irrelevant data, process only required data, and keep it for only the time necessary
  • Handle data carefully and properly secure it via secure encryptions, limited access, etc.
  • Share data lawfully and only on a need basis

On the company front:

  • Review your information security protocols
  • Update your privacy disclaimers
  • Specify, customize, and highlight your privacy policy (preferably linked on your website home page)
  • Put in place compliance filters
  • Work with an ISO-certified data provider like Nexsales


Nexsales has over 14 years of experience in securely managing CRM related data for clients and can help you along the way. With our tremendous investments in international data certification standards like ISO 27000 and 27701 and expertise in data-privacy related processes, people, and technologies, we can give you a head start.