If You’re Not First, You’re Last: Risks of Delaying CCPA Compliance

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

After GDPR went into effect in May 2018, many companies reassessed their privacy program — implementing more transparency and giving more control of personal information to the consumer. Now, with the CCPA (California Consumer Privacy Act) coming into effect in January 2020, even more companies are buttoning up their data privacy programs. The CCPA is not a guideline — it’s an act, and all companies that fall within its scope must comply. If companies don’t abide by this regulation, they could be looking at fines of up to $7,500 for each intentional violation.

Since both acts are related to data privacy and aim to provide more control and transparency to the consumer, most companies’ first question is, “If I’m GDPR compliant, am I covered for the CCPA?” The following article by Kevin Kish, Privacy Technical Lead at Schellman & Company, will give you a clear picture as to what you may have covered and what you’re lacking within your privacy program — outlining the similarities and differences between the two regulations. And what about companies that haven’t implemented proper GDPR data procedures? Short answer — they’ve got a bigger road ahead. Fortunately, this article details clear steps you can take to comply with the CCPA.

It’s clear from the enactment of the CCPA, so shortly after the GDPR, that data privacy regulations are not going away anytime soon. As a top-level best practice, companies should be proactive and build a privacy program that aligns with these regulations and lets them maintain strict, ongoing CCPA compliance monitoring.


Group Fines Under the GDPR

How Multinational Companies May Be Affected by Their Subsidiaries’ Noncompliance

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

Preparing for GDPR was similar to preparing for Y2K — heads down grinding with anxiety running high, only to find that May 25th came and went without a peep. So what was all that hard work and worry for, anyway? What drove all the privacy emails and data inventorying within companies? In all honesty, it was most likely driven by the high consequences that a company might suffer as a result of noncompliance. But just because your company is now “GDPR ready,” does that mean you’re safe from heavy fines?

Not necessarily. The noncompliance of other companies just might make you vulnerable.

In this post, Kevin Kish, Privacy Technical Lead with Schellman & Company, explains how you may be affected by your subsidiaries’ noncompliance and how you can manage the risk.