CCPA Compliance: what should your business be aware of?

As a marketer, consumer data protection and privacy should be a priority. On May 25th, 2018, GDPR (General Data Protection Regulation) came into effect. On January 1st, 2020, another similar law took place known as CCPA (California Consumer Privacy Act) whose main role is to protect all data and personal information related to an individual.

The difference is that this law allows users a deeper access to their data, according to Subra Ramesh, SVP of products at Dataguise, an industry-leading data privacy compliance software.

CCPA is applicable to all residents living in California, as well as Californians traveling outside the state.

This law permits Californians to have access, delete or withdraw from the sale of their data. Consumers are given the right to ask for all data that the company has gathered about them over the last 12 months.

It applies to people consuming products and services, employees and business-to-business transactions.

All for-profit organizations operating inside California and are in charge of processing consumers data should comply with the law.

Organizations should conform to CCPA if they meet ANY of the following thresholds:

• Businesses earning greater than $25 million in gross revenue per year.
• Companies holding the personal information of over 100000 data entries from households, users and devices.
• Organizations generating more than 50% of their annual sales from selling Californians personal information.

CCPA doesn’t apply to a non-profit business, unless it’s operated, owned by a for-profit company or shares branding with it.

Companies have a 30-day period to comply with CCPA after they are informed by regulators that they have violated the act.

If organizations fail to handle this, they will be subject to a penalty fee of $2500 for each unintentional violation and $7500 if it’s intentional.

Besides, consumers have the right to fire lawsuits against businesses if they notice that the option to opt-out of information sharing or personal data selling is missing at the footer of their privacy policy page or website homepage, or if they can’t find out how the company has gathered their personal data and failed to provide them with a proof. Personal data includes name, address, email, IP address, drivers license, passport number, social security number, biometric information, geolocation data, education information, etc…

If California Attorney General executes legal procedures toward that organization, it would cost the business a lot of money.

As mentioned, and upon the consumer’s request for data removal, the company should delete all their personal information but there are certain exceptions that create a necessity for entities to keep these information particularly when they need to conduct a business transaction, security or fraud-prevention reasons or any other cause stated in the Act.

CCPA is similar to GDPR but there’s a lot of overlap between the two. According to Andy Dale, general counsel and VP of global privacy at SessionM, there are some conflicts when it comes to provisions and definitions.

The major principle regarding the protection of consumers’ data and personal information is likely to remain consistent but the thing is the potential adjustments that might be conducted by the California Legislature.

At VBOUT, we provide you with all the following tools you need in order to properly comply with CCPA:

• Data export to tell consumers what data we have collected on them.
• The deletion of consumers’ personal information and data in case they request it.
• Opt-in to the terms of service and privacy policy on all forms.

Ultimately, we will keep you informed with any CCPA amendments that may occur. You can subscribe to our blog in order to stay in touch with all our email releases.