All You Need to Know About CCPA Compliance

Updated 25 Aug 2021


The current pace of technology development has raised many concerns about personal data, which has led to the creation of new laws and restrictions. The California Consumer Privacy Act (CCPA) is changing the old principles of private information protection and affects many businesses.

CCPA Basics: What Does the CCPA Mean?

The California Consumer Privacy Act (CCPA), also known as the California consumer privacy law, was established in June 2018. The main aim of this law is to provide consumers with more control over their private data.

According to CCPA requirements, personal information includes data that can identify a particular person:

  • Identification data like name, surname, alias, address, passport number;
  • Web data like IP address, email address, search history;
  • Commercial data like information about personal property, purchased products or services;
  • Biometric data;
  • Geolocation;
  • Employment-related information;
  • etc.


The Difference Between CCPA and GDPR

If your business gathers personal information, you should know about the EU General Data Protection Regulation (GDPR), which regulates privacy rights across Europe.

GDPR has brought many changes to data protection law. For instance, websites have to display a cookie notice, a data protection agreement, and more. Simply put, GDPR has changed the whole process of managing customer data across industries (e.g. FinTech, Healthcare, E-Commerce).

It may seem that CCPA is California’s GDPR. However, there are several vital differences.

Personal data

GDPR tends to cover publicly available information, while the CCPA doesn’t: the latter excludes data from government records. Additionally, GDPR protects healthcare information, including data handled by EHR systems and other medical software. The CCPA doesn’t cover medical records, since those fall under the Confidentiality of Medical Information Act.

Industries

Under GDPR, all organizations that collect and use personal data have to comply with the act. The CCPA, however, is obligatory only for ‘for-profit companies’, meaning businesses with revenue above $25 million.

Transparency

Both laws require organizations to disclose the types of data they collect and how they use it. However, under the California law companies provide information for the last 12 months, while GDPR sets no such timeframe.

Penalties

Penalties for GDPR violations are 4% of annual turnover or €20 million, whichever is higher. Under the CCPA, businesses have to pay a $7,500 fine plus $750 per affected person.

The primary differences between GDPR and the CCPA lie in how personal data is defined. GDPR covers more types of personal information, e.g. health-related data. However, the CCPA may be amended and improved in the coming years.

CCPA Compliance Checklist

To comply with the CCPA, take the following steps.

  • Step 1. Determine if the California Consumer Privacy Act applies to your business.
  • Step 2. Determine what kind of data is collected and why you need it.
  • Step 3. Pay attention to the new consumer rights according to the California Consumer Privacy Act.
  • Step 4. Update your website’s homepage.
  • Step 5. Update the privacy policy.
  • Step 6. Hire or engage a CCPA compliance assessor.

#1. Does the CCPA Apply to Your Business?

Before starting the update, determine whether your business has to comply with the CCPA: check whether your company collects data from California residents, whether your business type falls under the CCPA, and so on.

Even if the CCPA doesn’t apply to your business, it’s better to follow its restrictions; it’s only a matter of time before similar laws are adopted. States such as Nevada, Texas, and New York are expected to follow with similar regulations.

#2. What Data Is Required?

The CCPA provides a broad definition of personal information. You need to decide what types of data you need and why, since users have the right to know the reasons for collecting their private data.

#3. What Are the Consumer Rights?

The CCPA has introduced new consumer rights that you need to respect. For instance, California residents have the right to restrict the sale of their personal data. We’ll discuss these rights in more detail later.

#4. How to Update the Homepage?

Under the CCPA, consumers have to be notified that their personal data may be sold, and they can prohibit the sale of such information from your website. Add a link to the website with a title like ‘Do Not Sell My Personal Information.’

#5. How to Update the Privacy Policy?

CCPA 2020 contains a list of precise requirements that you need to follow. Update your privacy policy to state what types of personal data you collect and use, how, and why.

Users must be informed that they have the right to access or change the personal data collected about them.

#6. Why Hire a CCPA Assessor?

If you aren’t a legal expert, work with a professional who can ensure that your business complies with all the CCPA requirements. A CCPA advisor can assess your data privacy practices, identify gaps between your website and the CCPA requirements, and offer solutions for closing them.


CCPA: Who Does It Apply To?

Every business that collects and processes personal information has to consider CCPA compliance. The law applies not only to companies located in California but also to firms that use the personal data of California residents.

The following businesses have to comply with the California Consumer Privacy Act, the California version of GDPR:

  1. Businesses with annual revenue of more than $25 million.
  2. Companies purchasing, selling or sharing the personal data of more than 50,000 clients, households, or devices.
  3. Businesses getting at least 50% of annual revenue from selling personal data of consumers.


As a result, the CCPA affects many industries (e.g. e-commerce, finance).

How CCPA May Influence the Business Growth

The CCPA went into effect on January 1, 2020. Any business that uses the personal data of California consumers needs to prepare accordingly and make sure it complies with the new law.

The new California data privacy law has introduced several new consumer rights. I’ve listed and explained them below.

CCPA Explained: Consumer Rights

California Consumer Privacy Act has introduced several new client rights for California residents.

Right to know

The CCPA states that consumers have the right to know what kinds of personal information are collected. Additionally, consumers can ask the business to provide the personal data it has collected about them over the last 12 months.

Right to access

Building on the right to know, California consumers can obtain the data the platform has collected. Users can request specific categories of personal data (name, phone number), specific pieces of information, the commercial purpose of collecting the data, and more.

Right to opt-out

Consumers have the right to reject the sale of their personal data to third parties. If the company wants to sell such information, it has to provide a ‘Do not sell my personal information’ popup so that users can tick it and refuse the sale of their data.

Additionally, users can ask the business to delete their personal data. There are some restrictions and exceptions in the CCPA; for instance, the request can be refused if the information is required to complete a transaction.

Right to equal service

Under the CCPA, companies can’t charge different prices or provide a different quality of product or service to California consumers.


As you can see, the CCPA will gradually affect your business. Meeting all the legal requirements and consumer expectations takes time and resources.

Reasons Why California Consumer Privacy Act Matters for Your Business

The CCPA improves the data protection process. There are also further reasons to pay attention to this law.

Noncompliance is expensive

The CCPA imposes high fines for noncompliance: a $2,500 fine per unintentional violation and $7,500 per intentional one. Additionally, every affected consumer is entitled to $750.

Customer trust

A good reputation and client trust are vital for your business. Achieving CCPA compliance demonstrates that your company takes privacy issues seriously.

Scalable solutions

A privacy policy touches many aspects of collecting, storing, and using data. To meet all the requirements, it’s worth improving your digital solutions; such solutions can improve privacy without harming performance. For instance, you can integrate electronic identity verification, customer identity management, and more.


Let’s Talk

The CCPA is an essential law for personal data protection, and every company should pay attention to it. By following it, you can gain customer trust and give customers control over their personal information.

Cleveroad already has an established framework for working with GDPR. And we are actively helping our clients to comply with CCPA.


About author

Evgeniy Altynpara is a CTO and member of the Forbes Councils’ community of tech professionals. He is an expert in software development and technological entrepreneurship and has 10+ years of experience in digital transformation consulting in Healthcare, FinTech, Supply Chain and Logistics.
