Skip to content

Brands Get CCPA and GDPR Wrong – But Content Can Save the Day

A new research study finds an alarming 91% of companies are completely unprepared for the California Consumer Privacy Act or GDPR. If your company’s one of them, are you facing a future filled with lawsuits, penalties, and fines? Robert Rose explains why the right approach to content could mean you don’t need to worry.

Watch the episode

Aired: July 29, 2022

Read the transcript

Hello everybody. Robert Rose here what’s new and what’s important in the world of content marketing. It’s the news you need to lead in the practice of content marketing and strategy. For the best in best practices, you can always go to

It’s the depth of summer, but there is news this week about your data, privacy, and marketing.

A new research study finds that a rather alarming 91% of companies are completely unprepared (or only a little bit prepared) for the California Consumer Privacy Act (CCPA) or GDPR.

CCPA and GDPR are existing legislation protecting consumer privacy and online data. They’re why we have all those annoying popups warning you that you’re about to get some cookies.

Now, that research from an organization like Cytrio would find such results shouldn’t be surprising. They make a living helping companies comply with privacy legislation. But the research is quite interesting.

While they found that 91% of companies are unprepared for privacy regulations, there’s a more troubling number. Fifty percent of companies whose privacy policies acknowledge that they need to comply with CCPA don’t have a mechanism to allow customers to exercise their data privacy rights (as CCPA requires).

The study covers the differences between B2C and B2B companies and then points out how companies haven’t built in the automation needed to deal with data access requests.

This part is where the report moves into why you might want to think about adding a technology solution.

Our take: You may or may not need an automated solution to deal with GDPR or CCPA.  The most important underlying question isn’t how you automate data access requests.  Chances are, you’re not even familiar with a data access request. And there’s a greater chance that your audience doesn’t want or care to file a data access request with your company.

However, as I’ve said before, the heart of these new privacy regulations (and more will come) isn’t about leaning away from capturing or using first-party data.

Related: GDPR Is the Biggest Gift to Content Marketers in a Decade

The real question is, are you designing experiences where the customer wants to give you the data in the first place?  And not for transactional access to a digital asset.

Are you designing #Content experiences that make audiences want to give you their data, asks @Robert_Rose via @CMIContent Share on X

I had to give my email address to access the Cytrio study. I wanted the asset. But I didn’t want to give them my personal data in exchange for it.

The question content marketers should ask before requesting data is why our customers would want to give it to us. If I deliver value through my amazing newsletter, blog, or resource center, maybe you want to be informed when it updates or want the weekly blast of my thoughts. Then I am delivering value that makes you want to give me that data. And you presumably want me to use it to deliver a better content product for you.

Related: To Gate or Not to Gate? Is That Really the Question?

This is the key part. It’s not just the technicality but the spirit of GDPR and CCPA and all the privacy legislation likely to come.

At that point, it doesn’t matter whether you have a cookie notice on your website. It doesn’t matter if you have a privacy policy but not the ability to respond automatically to consumer requests. Those things are mechanical and are relatively easy to implement.

The harder part – and arguably the more important part ­– is to stop looking at data privacy legislation as a hurdle to get over and start seeing it as an opportunity to transform your content into a product that consumers want to interact with and subscribe to.

Data privacy rules are an opportunity to transform #Content into a product that consumers want, says @Robert_Rose via @CMIContent Share on X

That way, you’ll live up to regulations like GDPR and CCPA and even make them irrelevant to your content marketing activities.

And that’s five minutes of news you need to lead in content marketing. I’m Robert Rose. Remember, it’s your story. Tell it well. I’ll see you next week.

Want more content marketing tips, insights, and examples? Subscribe to workday or weekly emails from CMI.