Remember the good old days, last year, when data privacy was something U.S. marketers thought was just a problem for their European colleagues?

We’ve all grown up a bit since then. The rules of engagement have changed for direct response marketers (which is just about all of us) – and continue to evolve – with new insight and information coming out regularly:

• GDPR Year 2 – The EU General Data Protection Regulation (“84% of US employees have never heard of GDPR” via TechRepublic)
• CCPA Coming Soon – California Consumer Privacy Act – (“With 6 months to go until CCPA kicks in, confusion and growing uncertainty prevail” via Marketingland)
• Vermont’s H.764 (Act 171) – An act relating to data brokers and consumer protection (“Data brokers are selling your secrets. How states are trying to stop them” via The Washington Post)
• Edging toward U.S. federal privacy laws (“Seven U.S. privacy bills introduced bills this year alone” via Digiday)

These resources simply scratch the surface of developments in data privacy, with rising complexities from every corner of the advertising and marketing fields, to ongoing questions of enforcement, penalties, and the risks of sitting on the sidelines.

Add to this the enactment of additional U.S. state regulations and the growing pressure in the U.S. to create a national data privacy compliance rule.

What does it all mean for you and your clients? Lawyers love to say “it depends,” but this is a certainty: privacy questions are not about to “blow over,” and should be one of your agency’s key priorities going into 2020 planning.

Where is your agency on this road to compliance? While it can be overwhelming all at once, here are three quick steps to get you started in the right direction:

1. Review your agency’s master services agreement.

Make sure it references your privacy obligations as an agency and builds in some liability protection and indemnities for you. If you don’t have a provision, or it’s not appropriate to put in the body of your agreement consider an addendum that you can attach to any project or engagement that privacy concerns will be involved.

2. Review your agency website(s) terms and conditions (and privacy policy).

Ensure that they are fully updated and compliant with GDPR, and, for now, the California Consumer Privacy Act (regarded as the current “template” for what U.S. rules could look like). Schedule regular reviews and updates to these policies as needed and new legislation comes through.In addition, proactively, and habitually, advise your clients to do the same with their web and digital properties.

3. Ensure opt-in status of your email marketing databases.

If you haven’t already, execute a re-engagement campaign with your agency contacts, and advise the same for clients to ensure proper opt-in. You can look at this as an opportunity to get back in touch and communicate your care and compliance for their data.Whether your agency delivers these services direct, consults on these programs for your clients who operate in house, coordinates with freelance vendors to execute, or marketing your own agency – you’re right in the mix here.

You should be your client’s first line of defense, in partnership with legal counsel, to protect your work and people. Also, don’t forget CAN-SPAM (from 2003) and the requirements within as your base blueprint for compliant email marketing.

Get educated on the current state of compliance, what’s coming this year and what’s forecasted to come in the near future.