Regulations related to data privacy are emerging around the globe. Regions, countries and even individual states worldwide are formulating and implementing new data privacy regulations to handle this data era. All the industries in the digital space expected GDPR compliance to handle data privacy effectively, but the passing of the “California Consumer Privacy Act (CCPA)” has proven otherwise. The attention of the digital ecosystem turned towards the United States with the passing of state-level privacy legislation in California, Nevada, Texas, and numerous other states with legislation in flight.
What is CCPA? And how it came into the picture?
California, the fifth-largest economy in the world cannot be ignored by many marketers. In 2018 California enacted its own comprehensive privacy law, the California Consumer Privacy Act (CCPA), set to go into effect on January 1, 2020. CCPA compliance is mandatory if companies want to continue tapping into the riches of California State.
The main focus of CCPA is to protect consumer rights and drive stronger transparency when it comes to the protection of personal information. Companies are monitored and are forbidden to sell personal data of consumers aged 13-16 unless they opt-in, and parents or guardians will have to consent to the selling of data for youngsters under 13.
As you know General Data Protection Regulation (GDPR) deals with the same issue, i.e protection of privacy and individual data, so what makes CCPA special and unique? The answer to that question stands firm on the grounds of “Consent”.
The California law doesn’t require user consent to collect the data in the first place, or process it.
A company can collect data just as it did before the CCPA but must give consumers that opportunity to opt-out. Whereas GDPR requires explicit consent from consumers or from wherever the data is being gathered, and businesses must thoroughly document the entire chain of consent.
Another important difference between the two privacy regulations is: CCPA applies to California residents, while the GDPR refers to “EU data subjects” without specifying residency or citizenship. The CCPA also protects data linked to specific households; the GDPR applies only to individuals.
The European regulation is applicable to all the enterprises both private and public but CCPA restricts itself to for-profit firms that gross above $25 million per year, deal in the personal data of 50,000 or more consumers, and derive half their revenue from selling that data. The particulars of the CCPA may shift further by the time it goes into law. There are multiple amendments threading their way through the California legislature that may impact various aspects of the final regulations.
Challenges – CCPA compliance
Transparency as a part of CCPA compliance is not a disadvantage to companies; in fact, they are the opposite of it. Detailed research after the implementation of GDPR revealed that 62% of people in the United Kingdom felt more comfortable sharing their personal information after it went into law. Handling data effectively makes a huge difference for business in the present ecosystem; products abiding the regulations completely are a hard find in the present competitive era. Challenges faced by companies in complying with CCPA includes,
- Determining the need for compliance.
- Early start.
- Agile to data privacy compliance.
Determining the Need for Compliance
In CCPA, the stated guidelines about company size and the amount of data they handle make it easier for some enterprises to recognize whether or not they should comply. However, there are finer points of the law that may sting a company that isn’t paying attention to how its marketing team, its outside agencies and vendors, and consumer engagement practices are gathering data.
How soon should a company begin taking steps toward CCPA compliance? The real question is, why hasn’t it already begun getting ready? The complexities involved in CCPA compliance may be just as big, for some companies, like those they were confronted with before the arrival of the GDPR. Beforehand, many did not have a real grasp of the intricacies of their own systems and processes, or of the difficulty involved in making them compliant. One new survey found that 71% of legal and privacy professionals felt they’d be ready for the CCPA in seven months. However, the same study found they were still struggling to meet the demands of GDPR.
Agile To Data Privacy Compliance
The GDPR was only the start, and the CCPA is the sequel. There’s a slate of new state data privacy laws in store, owing in large part to the failure of the federal government to deliver an inclusive set of regulations. DMP Manager is a full set of scalable services and products specifically designed to abide regulations and at the same time optimize your business performance. With perfect workflow and global privacy compliance, we offer effective solutions for handling customer data in the best possible way.
Abiding CCPA regulations: Planning for the future
Regulations and laws pertaining to data privacy are changing the future of data regulations. CCPA is the first of its kind to pass in the United States, transforming the way organizations must think about and structure their privacy programs. Following are some of the important rights the law brings in for California residents:
- The right to be informed with personal data collection.
- The right to deletion of personal data.
- The right to request information.
- Right to opt-out of consumer’s personal information of sale by a business to third parties.
- The right not to be discriminated against by a business for the exercise of consumer rights.
- Direct right of action in case of a breach involving non-encrypted information that is not cured by the business within a 30-day period.
The main concern for the organisation with regard to CCPA is on “how to handle consumer request”. There are Dos and Don’ts while gearing up for the regulation, business dealing with data must ensure that no lines are crossed.
Dos and DON’Ts of CCPA
|CCPA DO’s||CCPA DON’Ts|
|Practical Approach||No forced account creation|
|A Standardized and structured intake process||Don’t gather too much information|
|Validate Consumer Identity||Don’t forget CCPA redness|
|Training||Never ignore customer request|
DMP Manager offers the best possible solutions for handling data effectivity without breaking any regulations. CCPA is aimed towards improving the standard of protection given to privacy laws. Abiding regulations to the line and delivering a notch above data handling platform is our specialty.