By Adam Turteltaub
The European General Data Protection Regulation (GDPR) has kept compliance officers busy for the last few years, and has kept consumers clicking “I Accept” more than they ever imagined.
For those thinking the wave of work is over, it’s time to think again. The California Consumer Privacy Act (CCPA) is due to go into effect on January 1, 2020 with enforcement beginning July 1. As Teresa Troester-Falk, Chief Global Privacy Strategist for Nymity explains, the law applies to more than businesses based in California. It affects any business that processes data of California residents and has either $25 million or more revenues, shares or sells data for commercial purposes on 50,000 or more California residents or gains 50% or more of its revenues from selling consumer information. That’s a low enough threshold to affect a sizable portion of the business community.
The good news is that any business that has already worked to meet the GDPR’s mandates has gone a long way to matching the requirements of the CCPA. The law focuses, she explains, on the obligations to protect consumer rights. But, it breaks new ground by giving consumers the right not to have their data sold to third parties. In addition, if a consumer requests an organization deletes information it has on him or her, that organization must also pass that request down to third parties that it has provided data to.
More, California is not alone. Several other states have laws in various stages of the legislative process. As a result, business must be prepared for future regulations that will affect how they handle consumer data.
Listen in to learn more about the CCPA’s requirements, and what organizations need to do to meet them.