As companies across the world rush to become compliant with the GDPR, many have failed to notice that California will set its own data and privacy protection requirements by January 1, 2020. California Governor Jerry Brown signed CA Assembly Bill 375, the California Consumer Privacy Act (CCPA), on June 29, 2018.
Even if your company doesn’t have an office in California, it still must comply with the CCPA if it collects or sells Californians’ data. According to the upcoming law, your business must comply with the CCPA if it earns $25,000,000 a year in revenue; receives 50 percent of its revenue by selling customers’ information; or handles data for more than 50,000 people. Companies violating this law will pay penalties up to $7,500 per intentional violation. That said, unlike the GDPR, the CCPA will give companies a 30-day grace period to get back into compliance without receiving a fine.
How does the CCPA affect companies?
Every organization that does business in California has to comply with this law, and if your organization sells customer data to a third-party organization, it also needs to become compliant.
Since most organizations are already GDPR-compliant, or in the process of becoming compliant, they won’t have to enact many drastic strategic changes, as both the GDPR and the CCPA have similar objectives.
Preparing yourself for the CCPA
Here are some best practices you can enact to prepare for this law:
Make sure to only collect necessary data from sales, marketing, product development, project management, and all other business channels.
Notify all departments about new data collection norms.
Analyze your organization’s existing data and remove old or unwanted data from your databases.
Clean up your mailing lists to avoid sending unrelated information to recipients.
Develop a portal for your customers so they can see their data and how it is being processed.
If your company is found guilty of noncompliance with the CCPA, it will have 30 days to provide all the information about the breach. Tech giants, such as Facebook and Google, have already been sued for GDPR noncompliance, and now with the CCPA, the days of unregulated data collection procedures are long gone.
The good news is that you still have time to revamp your lead nurturing and data management procedures with respect to the US market. Also, it’s important to note that there may be minor modifications to the CCPA before it officially rolls out on January 1, 2020.
If you are looking for in-depth data compliance procedures, check out this data security e-book to understand how you can secure all the data in your network.