Imagine you're in charge of a big marketing organization and you're faced with the prospect of complying with sweeping new consumer-privacy regulations. Doing so will be expensive and time consuming. You're well into Q4, your busiest season, but you need to have your compliance solution up and running by january. Oh, one more thing: You don't know exactly what the specific requirements are going to be or what compliance measures will be considered acceptable — and you won't know until months after the January deadline comes and goes.

That scenario is not a Kafkaesque hypothetical. It's the very real challenge that CMOs are facing right now from the California Consumer Protection Act (CCPA), and it's only the tip of the iceberg. Coming on the heels of the EU's General Data Protection Regulation (GDPR), the CCPA is just the first shot in what is expected to be a volley of new consumer- privacy and data-protection laws from multiple sources.

Internationally, more countries are following in the EU's footsteps with data-privacy and protection regulations of their own, says Mary Ann Wymore, an officer in the law firm of Greensfelder, Hemker & Gale, P.C. "Trying to comply with all these new laws is going to be very challenging for marketers," she says.