— by Lindsey Ullian, Threat Stack Compliance Manager
After GDPR went into effect in May 2018, many companies reassessed their privacy programs, implementing more transparency and giving more control of personal information to the consumer. Now, with the CCPA (California Consumer Privacy Act) coming into effect in January 2020, even more companies are buttoning up their data privacy programs. The CCPA is not a guideline; it's an act, and all companies that fall within its scope must comply. If companies don't abide by this regulation, they could be looking at fines of up to $7,500 for each intentional violation.
Since both acts are related to data privacy and aim to provide more control and transparency to the consumer, most companies’ first question is, “If I’m GDPR compliant, am I covered for the CCPA?” The following article by Kevin Kish, Privacy Technical Lead at Schellman & Company, will give you a clear picture as to what you may have covered and what you’re lacking within your privacy program — outlining the similarities and differences between the two regulations. And what about companies that haven’t implemented proper GDPR data procedures? Short answer — they’ve got a bigger road ahead. Fortunately, this article details clear steps you can take to comply with the CCPA.
The enactment of the CCPA so soon after the GDPR makes it clear that data privacy regulations are not going away anytime soon. As a top-level best practice, companies should aim to be proactive and build a privacy program that aligns with these regulations and allows them to maintain strict CCPA compliance monitoring.