All You Need to Know About CCPA Compliance
The current pace of technology development has brought a lot of worries about personal data. It led to the creation of new laws and restrictions. CCPA or California Consumer Privacy Act is changing the old-school principles of private information protection and impacts on many businesses.
CCPA Basics: What Does the CCPA Mean?
The California Consumer Privacy Act (), also known as the California consumer privacy law, was established in June 2018. The main aim of this law is to provide consumers with more control over their private data.
According to CCPA requirements, personal information includes data that can identify a particular person:
- Identification data like name, surname, alias, address, passport number;
- Web data like IP address, email address, search history;
- Commercial data like information about personal property, purchased products or services;
- Biometric data;
- Employment-related information;
The Difference Between CCPA and GDPR
Having a business that gathers personal information, you should know about the EU General Data Protection Regulation (GDPR). This law regulates human private rights across Europe.
GDPR has brought a lot of changes to the data protection laws. For instance, websites have to display the warning about the cookies files, data protection agreement, and more. Simply put, GDPR has changed the whole process of managing customers’ data for various industries (e.g. FinTech, Healthcare, E-Commerce, etc.)
It may seem that CCPA is California’s GDPR. However, there are several vital differences.
GDPR tends to cover publicly available information while CCPA doesn’t. It means that the last law doesn’t embrace the data from any government records. Additionally, GDPR protects healthcare information. CCPA doesn’t cover medical records since there is the Confidentiality of Medical Information Act.
According to the GDPR law, all organizations that collect and use personal data have to comply with the act. However, the CCPA is obligatory only ‘for-profit companies’, businesses that get revenue above $25 million.
Of course, both of these laws made organizations reveal types of collected data and how they use it. However, according to the California data protection law, companies provide information for the last 12 months while there are no timeframes under the GDPR.
Penalties for GDPR violations are 4% from annual turnover or €20 million, depending on what is higher. According to the CCPA law, businesses have to pay $7,500 fine and $750 per person.
The primary differences between GDPR and CCPA lay in the area of defining personal data. EU General Data Protection Regulation covers more types of personal information, e.g. health-related data. However, the CCPA can be changed and improved in several years.
CCPA Compliance Checklist
To comply with the CCPA, it’s better to take into account the following steps.
- Step 1. Determine if the California Consumer Privacy Act applies to your business.
- Step 2. Determine what kind of data is collected and why you need it.
- Step 3. Pay attention to the new consumer rights according to the California Consumer Privacy Act.
- Step 4. Update your website’s homepage.
- Step 6. Hire or engage a CCPA compliance assessor.
#1. Does CCPA Apply Your Business?
Before starting the update, you need to ensure that your business has to comply with the CCPA. Ensure that your company needs to collect data from California residents, your business type has to comply with the CCPA, and so on.
However, even if the CCPA doesn’t apply for your business, it’s better to follow its restrictions. It’s only a matter of time when similar laws are adopted. Additionally, the government of such states as Nevada, Texas, and New York are expected to follow with similar regulations.
#2. What Data Is Required?
CCPA or California Privacy Act provides a broad definition of personal information. However, you need to decide what type of data you need and why since users have a right to know the reasons for collecting their private data.
#3. What Are the Consumer Rights?
The integration of the CCPA compliance requirements has brought some new client rights that you need to follow. For instance, California residents have a right to restrict selling their personal data. We’ll discuss the new rights more precisely later.
#4. How to Update the Homepage?
According to the CCPA, consumers have to be notified that their personal data can be sold. Additionally, users can prohibit the selling of such information from your website. It’s better to introduce the link’ on the website with a title like ‘Do Not Sell My Personal Information.’
Users have to know they have the right to change or access the personal data collected.
#6. Why Hire a CCPA Assessor?
If you aren’t a law expert, it’s better to cooperate with a professional who can ensure that your business complies with all the CCPA requirements. A CCPA advisor can estimate the data privacy, determine the gaps between your website and CA Consumer Privacy Act requirements, and offer solutions for eliminating issues.
CCPA: Who Does It Apply To?
Every business that collects and processes personal information has to consider the CCPA compliance. Additionally, not only companies located in California comply with this law but also firms that use personal data of California citizens.
The following businesses have to comply California Consumer Protection Act or California version of GDPR:
- Businesses with annual revenue of more than $25 million.
- Companies purchasing, selling or sharing the personal data of more than 50,000 clients, households, or devices.
- Businesses getting at least 50% of annual revenue from selling personal data of consumers.
Machine Learning can protect your business from fraudulent attacks. We’ve revealed five ways to prevent fraud with the help of AI .
As a result, many industries are influenced by the CCPA (e.g. e-commerce, financial field, etc.)
How CCPA May Influence the Business Growth
The CCPA will go into effect on January 1, 2020. Any business that uses California personal data of consumers needs to prepare beforehand. It’s better to make sure that your business complies with these new laws.
New California data privacy law has introduced several new client rights. I’ve listed and explained them below.
CCPA Explained: Consumer Rights
California Consumer Privacy Act has introduced several new client rights for California residents.
CCPA California claims that consumers have to know what kind of personal information is collected. Additionally, clients can ask the business to provide personal data they collected for the last 12 months.
According to the previous right, consumers from California can get the data collected by the platform. Users can ask for some categories of personal data (name, phone number), some specific parts of the information, the commercial aim of collecting data, and more.
Consumers have a right to reject the sale of their personal data to third parties. However, if the company wants to sell such information, it has to create a popup ‘Do not sell my personal information’. So users can tick and refuse from selling their personal data.
Additionally, users can ask the business to delete their personal data. However, there are some restrictions and exceptions in the new California Consumer Privacy Act. For instance, this request is impossible if the information is required to complete the transaction.
According to the CCPA, the companies can’t charge different prices or provide various quality of the product or service to the California consumers.
As you can see, the CCPA can gradually affect your business. To meet all the legal requirements and consumer expectations, you need to spend time and resources to comply with the privacy regulations.
Reasons Why California Consumer Privacy Act Matters for Your Business
CCPA provides improvements to the data protection process. However, there are some more reasons to pay attention to this law.
According to the California Consumer Protection Act, there are high fines for not following these regulations. For instance, it’s necessary to pay $2,500 fine for unintentional violation and $7,500 per intentional one. Additionally, every consumer affected by this process gets $750.
A good reputation and client’ trust are vital for your business. Achieving CCPA compliance demonstrates that your company takes privacy issues seriously.
CCPA is an essential law for personal data protection. Each company should pay attention to these regulations. Following the mentioned document, you can gain customer trust and provide them with control of their personal information.
How to make your website secure? There are ten security holes you may face and how to fix them .
Cleveroad already has an established framework for working with GDPR. And we are actively helping our clients to comply with CCPA.