Did you know that California has over 3.3 million small businesses? Many of these businesses will be affected by new CCPA regulations. What is CCPA? Is your business ready for it?
Let’s get the simple answer first: CCPA stands for California Consumer Privacy Act. It became law in 2018 and will begin to be applied from January 01, 2020.
CCPA compliance is crucially important to companies as they could be subject to punishment if they do not comply.
How can you ensure that you are compliant? Check out our list of 5 tips to make sure that you are ready for January 01.
1. Assess Whether it Actually Applies to Your Business
You may be relieved to find out that not every business is subject to CCPA. What are the requirements?
If your company does the following, it applies to you.
- Your business has gross revenues that amount to more than $25 million and you routinely collect personal information regarding your customers.
- When collecting information, you do so from at least 50,000 customers or the same number of households or devices in California.
- You sell consumer data and at least 50% of your income comes from this practice.
If your business falls into these categories then you will need to think carefully about complying with this new regulation before January 01, 2020. How can you do this?
2. Maintain Records of Data Processing Activities
Historically, personal data was poorly defined and loosely tracked. However, from January 01 customers will have the right to request precise details regarding what data is in your possession and how it is and has been used.
Start now by organizing your data. Next, work to create workflows that show how data is routinely processed. Prepare full-color charts and readouts that display current company policy.
3. Prepare Your PR
When January 01 comes around, there will no doubt be a rush of requests for either personal records or for a broad view of your procedure. Get ahead of the game by preparing your standard responses to these requests.
The response will no doubt be different depending on whether you are addressing the concern of a consumer, corporate board member or press-related organization. Spread these prepared releases around your organization to ensure that everyone is answering from the same page.
4. Assess Third Parties and Affiliated Companies
“Sale of information” is still to be clearly defined. This means that if you are working with a subsidiary or affiliated company, you could be open to the accusation of selling information when this was not your initial intention.
Check contract wording with these companies to see whether you are liable for information shared with them or for how they use it.
5. Get Help
There is a real lack of clarity regarding what is classified as personal data, legacy data management, and how the sale of data is defined. Further legislation will likely be enacted in the future.
The truth is, involving an expert company to ensure that you are doing due diligence regarding CCPA compliance is a wise step.
CCPA Compliance and So Much More
Whether you are interested in managing your data to ensure CCPA compliance or preserving it with safe data storage methods, we are here to provide good advice. Why not check out our other blog posts?
We provide accurate, up-to-date articles and trustworthy guidance on a range of technical subjects. We do the research, so you don’t have to. Simply relax, read and keep up to date.