With the enactment of California’s CCPA law as of January 1st, 2020, many companies have been left scrambling to comply, asking the question “How do we prepare ourselves?” With laws such as GDPR enacted in Europe during 2018 and similar developments in California, understanding these complex privacy requirements is becoming more and more crucial to adapting and evolving in the online landscape.
The risks to be had after CCPA’s enforcement date of July 1st, 2020 are nothing to scoff at, with up to $7,500 in fines per violation and the risk of losing consumer trust over failure to comply. However, there are plenty of things businesses can do to prepare themselves in the coming months. Below are answers to some of the most common questions Orange142 has received in regards to how to ready your business for the new legislation upon us, and similar laws that may follow it in the future.
What is CCPA?
The California Consumer Privacy Act is a piece of legislation brought into effect on January 1st, 2020 to provide the right to consumers in California to know what data various companies have collected on them, how it is being used and requires the consumer an easy opportunity to opt-out of data collection should they choose. The law describes the applicable personal information as such that “could be reasonably linked, directly or indirectly, with a particular consumer.” The law will begin being enforced as of July 1st, 2020 and will apply to companies that meet any of the criteria below:
- Anyone that does business in the state of California
- Gross annual revenue above $25 million USD
- Any company that processes the personal information of 50,000 or more households, residences, or individuals in the state of California annually.
- Any business that derives more than 50% of its revenue from selling the personal information of users in exchange for monetary assets or valuable consideration.
How Does CCPA Compare to GDPR?
CCPA and GDPR are two sides of the same coin in terms of data privacy regulations, but there are some key differences between the two. GDPR’s primary goal is to receive consent prior to the collection of data to ensure that customers are opting into the process and data is not being collected unknowingly. CCPA however, does not require consent at the point of data collection but instead requires that the user is notified that their information has been collected and that they have accessible options to learn what kind of information was collected and the option to remove themselves from future collection.
How to Prepare Your Site for CCPA
Getting prepared for CCPA can be achieved through a few simple steps:
- Provide an opportunity to opt-out of data collection and a contact phone number for any user looking to inquire more about the information your company holds on them. (Must be a toll-free number)