Generation privacy has begun
In the last 12 months, data privacy has moved from a niche topic to something talked about at almost every corporation’s board meeting.
The EU GDPR, which came into force on May 25th, 2018, covers data held on any EU citizen and enforces new accountability for organizations processing personal data.
With the legislature passing the California Consumer Privacy Act 2018 (AB 375) on June 29th 2018, there is now a similar set of rules governing most organisations holding data on US Citizens.
Digital Cyber simplifies compliance with the California Consumer Privacy Act (CCPA) by getting right to the heart of the matter: Finding, Mapping and Managing your data.
How Digital Cyber can help with CCPA
Data Mapping & Inventory
Data Subject Access Requests
Right To Be
Meet the Personal Data Privacy dashboard
Digital Cyber’s Privacy dashboard provides a top-down view of your organisation’s information in relation to the EU GDPR and California Consumer Privacy Act (CCPA).
It shows a comprehensive picture of all the data held which is relevant to these laws, where it is held and its characteristics.
This view will take your organisation beyond spreadsheets and interviews, and into the realm of making well-informed decisions, rapidly.
Where Do I Start
Preparing for CCPA shares many characteristics with the preparations undertaken for GDPR:
Assemble the team: Include Executive Sponsors and stakeholders from Legal, Compliance or your data privacy team, people with oversight of your corporation’s technology and its security, and representatives from the key personal data owners in your business (e.g. HR, Sales, Marketing, Customer Service).
Get started with a data inventory. Prioritize information stores likely to contain personal data and those with poor governance. Be practical: start with those that are easy to create an inventory from.
Don’t rely on your corporation’s answers to questionnaires for your data inventory, or you will get an idealistic view of your risk (your head of marketing is likely to say the personal data they process is in the marketing system, forgetting that it got there via email and has been exported into spreadsheets). You will need technology to do this effectively (and we can help!)
Establish a culture of security and privacy and ingrain this into your day-to-day operations. Communicate a simplified overview of CCPA to the key stakeholders.
Create and practice the business processes that will be required to satisfy the rights of the individual (access to data, erasure, breach notification).
CCPA versus GDPR
There are many similarities and some key differences between GDPR and CCPA. Here is Digital Cyber’s take:
| | GDPR | CCPA |
|---|---|---|
| Basis for consent | Opt in | Opt out |
| Who it applies to | Any organisation holding personal data on EU citizens | For-profit entities that process personal data of California residents and either: 1. Do $24 million in annual revenue; 2. Hold the personal data of 50,000 people, households, or devices; 3. Do at least half of their revenue in the sale of personal data. |
| Rights for individuals | Access to data being held, right to erasure, correction, object to automated processing. Right to notification if there is a data breach. | Right to disclosure and objection relating to who data is being sold to, no discrimination if individual objects to data sold. Right of access to data being held. Right to know how personal data is being used. Right to know who data has been provided to. |
| When does it come into force | May 25, 2018 | Jan 1, 2020 |
| Financial penalties | 4% of turnover or €20m (whichever is greater) | $7,500 per violation. $750 or actual damages for each individual, whichever is greater |
| Time allowed to respond to a request | 1 month | 45 days |
NB: California resident is defined as “(1) every individual who is in the State for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State who is outside the State for a temporary or transitory purpose.”
Follow the link below to read the full California Consumer Privacy Act text.
The legislature passed the California Consumer Privacy Act 2018 (AB 375) on June 29th 2018, and these new rules will now govern most organisations holding data on US Citizens.