While large enterprises like Google are facing fines for GDPR violations abroad, smaller U.S. companies are waiting as California pushes forward state-level data privacy legislation. Passed last year, the California Consumer Privacy Act (CCPA) is still evolving, but it has created a larger conversation in the U.S. around federal and state data privacy legislation. As the conversation intensifies, small business owners are starting to consider how these new regulations will affect their businesses and how they can stay compliant.

Though data privacy and security legislation is important, it doesn’t come without challenges for smaller U.S. businesses. The Senate Subcommittee hearing on data privacy legislation that took place this past March dug into the unique challenges that small businesses face when trying to comply with data privacy laws that are made with larger companies in mind. (SIW) recently secured comments from Monique Becenti, product and channel specialist at SiteLock, who discusses the benefits of state and federal legislation for consumers and the challenges these laws present for smaller U.S. businesses.

SIW: What are the challenges for businesses when laws like GDPR and CCPA come into effect?

Monique Becenti: The cost to comply with CCPA and GDPR standards can be very expensive, especially as the need for data management technology tools and legal consulting for data privacy management increases. With an estimated cost of $100,000 to implement the required standards, most small businesses are faced with limited budgets and resources to fully execute on all necessary requirements.

SIW: What are the benefits of California leading the charge on U.S. data privacy and security legislation? What are the drawbacks?

Becenti: Being the largest and most populous state in the country, California has a strong influence over other states. Therefore, as California leads the charge when it comes to business regulations and consumer legislation, it will likely influence other states and push them towards passing their own privacy legislation. Additionally, any business with customers in California, even if they’re not based in the state, needs to adhere to the state’s laws. This is a benefit to all U.S. consumers. California’s charge is especially beneficial to the state’s residents as they finally have a voice in how their data is being utilized and have the ability to restrict the data that is being shared with third parties without their permission.

Though data privacy laws highly benefit the consumer, that doesn’t mean there aren’t drawbacks for small business owners. In fact, with that estimated expense of $100,000, the cost to comply with data privacy regulations could outweigh the benefit. Another drawback is that heavy fees and the large expense to implement the appropriate resources might convince small businesses to start pulling their business out of California completely. We saw this happen in Europe when GDPR was implemented. This could very well hurt the economy in California and other states if they followed suit.

SIW: What are the issues associated with a patchwork of data privacy laws vs. a federal law?

Becenti: As California leads the charge in data privacy laws, it’s only a matter of time before other states follow suit. Having a patchwork of data privacy laws within the U.S. vs. a federal law would make it challenging for companies to do business since they would need to be compliant with different privacy and security regulations across various states. In the event that more states follow California’s fight to protect data privacy and security, a change will need to be implemented on a federal level to avoid confusion and inconsistencies across state-level regulations.

SIW: What is your opinion on large tech companies that advocate for a federal data privacy law?

Becenti: When tech giants, like Apple, advocate for strict federal privacy laws, it spreads awareness and encourages companies to speak up and take action in the fight to secure consumer data. The overwhelming support rallied by large tech companies in favor of more privacy laws signifies there is a real and growing concern for privacy among consumers. Since large tech companies have access to so much consumer data and carry a great amount of influence, there is no better voice advocating for this change.

SIW: Why is the impact of stricter data privacy regulations on small businesses disproportionately large in comparison to enterprises?

Becenti: Small businesses will feel the impact of data privacy regulations like CCPA the most, simply because enterprise tech companies have the distinct advantages of bigger budgets, better legal teams and more access to security talent than a smaller business. Small businesses may have a difficult time assembling the budget and resources needed for compliance as quickly as an enterprise, which affects a company’s ability to drive revenue or remain competitive in the market. If a small business is out of compliance and something happens to their data, it could potentially put them out of business. An enterprise company, on the other hand, will typically be able to bounce back more quickly and easily.

SIW: What do small businesses need to know about complying with data privacy legislation?

Becenti: Small businesses should take the time to review data privacy policies to have a strong understanding of what personal information is collected and processed. Even if a small business is exempt from privacy regulations, it should still prepare to secure its users’ data and privacy, as it may need to meet those qualifications in the future.

SIW: How can small businesses balance the benefits of consumer data by ensuring consumer privacy and security?

Becenti: Consumer data allows a business to deliver a more unique, personalized experience, and really cater to customers and their needs. Data also provides valuable insights that can help business owners make better, more informed decisions about their businesses. However, small businesses are also ultimately responsible for ensuring the privacy and security of customer data in order to ensure they don’t operate out of compliance and risk losing customer trust.