Home Blog GDPR & CCPA Website Compliancy

GDPR & CCPA Website Compliancy

February 26, 2020

Does it affect me?

But I don’t live in California! While that may be true, you may still be affected by the most recent laws to ensure privacy for California or EU residents. Does your website serve people in the EU or California? Then you may still need to comply. For example, the CCPA states businesses that meet any of the following criteria need to comply:

  • Exceed $25MM Gross Annual Revenue
  • Obtain PI from 50,000+ California residents, households or devices per year
  • Earn 50% or more of annual revenue from selling California residents’ PI

Either way, as more and more laws and regulations are put into place, many businesses are taking steps now to ensure they comply, at least to a degree. Not only to avoid being sued, but also as a best practice and to prepare for the day it will be a requirement in your area.


First, what are we talking about?

Wikipedia has a quick study on both the CCPA and the GDPR that can be a good starting point. In essence, they are laws in place to provide residents under each locality the right to know, refuse and request any personal data collected on them while not being discriminated against.


“I’m sure my web guy is handling that”

Unfortunately, the complexity and potential options for being “compliant” are so vast that few industries have out-of-the-box solutions that meet all of the ever-changing requirements. So, please ignore the “3 easy steps to compliancy for under $100” type ads. It’s just not that simple. In addition, many of the requirements will take corporate level adjustments to how your business operates. The truth is, this will need to be an ongoing discussion with decision makers in your business and your website developer. With that in mind, here are a few questions to start the discussion:


What’s involved?

  1. Does your privacy policy spell out exactly what personal information you collect and how you use it?
  2. Can a user update his preferences on what you collect and how you use it?
  3. If requested, could you provide the personal information collected to a user? How would you verify you’re giving the right user his data? (John Smith from Denver or Texas)
  4. Children have to opt-in, how do you know their age to require this?
  5. Do you notify users on how you collect data, perhaps cookie notifications?
  6. How do you notify users of policy changes?
  7. Can you single out all California-gons or EU users?

“But my website is just a booking engine”

The vacation rental market is inundated with tools to get more direct bookings to increase dependency from big listing websites. As your company grows and reaches a larger audience, chances are one day, you’ll be marketing to an individual in a location with a regulation in place to ensure their privacy. If your business is in California that day was Jan 1, 2020.


Make sure you are securing your business’s future by partnering with a web development firm that not only is experienced in the vacation rental industry but has the flexibility to put your decisions in place. Send us an email and see how our 20+ years of industry experience and customizable platform can protect your business.

Make the move

Take the next step in your vacation rental company's evolution and join us! Level up with our over 22 years of digital marketing experience in the short-term rental industry and superb customer support.

Schedule a demo
Scurto

Our clients made $18.08m in direct-booking revenue last year.