How can you make your business California Consumer Privacy Act (CCPA) compliant?

How can Ayottaz help

Understand how Ayottaz simplifies CCPA compliance

Connect with us now for your initial CCPA consultation

Understand if your business is impacted by the California Consumer Privacy Act (CCPA)

Before understanding how to achieve GDPR compliance, it is important to understand what kind of businesses are obligated to comply with GDPR. Any business operating within, or with, clients/customers who are citizens of, European Union member states should comply with the General Data Protection Regulation.

What is CCPA?

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.

The effective date of the CCPA is January 1, 2020. It is the first law of its kind in the United States.

Who does CCPA apply to?

CCPA applies to any for-profit business in the world that sells the personal information of more than 50,000 California residents annually, has an annual gross revenue exceeding $25 million, or derives more than 50 percent of its annual revenue from selling the personal information of California residents.

Sale of PI is defined in the CCPA as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”

If a company shares common branding (i.e. shared name, service mark or trademark) with another business that is liable under the CCPA, the company will be subject to CCPA compliance too.

What does CCPA mean for businesses?

To comply with the CCPA, businesses must provide their users with the collected data on request and must immediately disclose the following:

  1. All the sources from where the consumers’ data is being collected.
  2. The intent or purpose of collecting or selling the information.
  3. Information about the third parties with whom the consumer data is being shared. 

Businesses conforming to California privacy law 2020 must also do the following:

  1. Notify users beforehand of any personal data to be collected.
  2. Provide users with more than two ways to opt out of any data collection program they might be in and prohibit any selling of their data. This could be done by providing an opt-out link on their website accompanied by a telephone number at the very least.
  3. Provide the same level of features to someone who has exercised their rights under the California consumer law.
  4. Maintain a record of such user requests and the responses to them.
  5. Verify the identity of the user requesting changes under the act to establish the authenticity of the request.
  6. Respond to the user’s request and provide the requested data within 45 days of receiving the request.
  7. Disclose their own data privacy policies and practices to users.


Individual Rights under CCPA

What are the penalties under CCPA?

Failure to comply with the CCPA can result in fines for businesses of $7,500 per violation and $750 per affected user in civil damages.

The power to enforce the CCPA lies with the office of the Attorney General of California. 

For example, if a company ABC is not adhering to CCPA requirements by not honoring consumer access or deletion requests, say at least 200,000 individual requests in total, and the AG determines the violations were intentional in nature, the civil penalties can potentially be up to $1.5 billion.

$7,500 for every intentional violation of the law

Ayottaz can simplify your California Consumer Privacy Act compliance journey

There’s no “one size fits all” approach to preparing for CCPA. Rather, each business needs to know exactly what needs to be achieved to comply and who is the data controller who has taken responsibility for ensuring it happens. You are expected to put into place comprehensive but proportionate governance measures.

That could be the responsibility of an individual in a small business, or even a whole department in a multinational corporation. Either way, budgets, systems and personnel will all need to be considered to make it work.

Under CCPA provisions, companies need to implement appropriate technical and organisational measures. This could include data protection provisions (staff training, internal audits of processing activities, and reviews of HR policies), technical updates, mapping of your data, as well as continuing documentation on processing activities.

 

Easily comply with Data Privacy regulations

Currently, nearly all of the information and marketing material available regarding data privacy emphasizes technical expertise and the need for experts in order to manage compliance. All of this seems extremely daunting to a small to medium-sized business that lacks the resources to onboard such experts. Ayottaz acts as an unbiased interface between enterprises and service providers. We are in the unique position to assure quality products and services to enterprises without any allegiance to a particular product or service. Getting the first mover’s advantage and using the platform to build long-lasting relationships with our customers will help us stay ahead of the competition in the future.

Connect with us now for your initial CCPA consultation

Or

Find a product or service now to become CCPA compliant