In the last 12 months, data privacy has moved from a niche topic to something talked about at almost every corporation’s board meeting.
The EU GDPR, which came into force on May 25th, 2018, covers data held on any EU citizen and enforced new accountability for organizations processing personal data.
With the legislature passing the California Consumer Privacy Act 2018 (AB 375) on June 29th 2018, there is now a similar set of rules governing most organisations holding data on US Citizens.
Exonar simplifies compliance with the California Consumer Privacy Act (CCPA) by getting right to the heart of the matter: Finding, Mapping and Managing your data.
How Exonar can help with CCPA
Meet the Personal Data Privacy dashboard
Exonar’s Privacy dashboard provides a top-down view of your organisation’s information in relation to the EU GDPR and California Consumer Privacy Act (CCPA).
It shows a comprehensive picture of all the data held which is relevant to these laws, where it is held and its characteristics.
This view will take your organisation beyond spreadsheets and interviews, and into the realm of making well-informed decisions, rapidly.
Where Do I Start
Preparing for CCPA shares many characteristics with the preparations undertaken for GDPR:
Assemble the team: Include Executive Sponsors and stakeholders from Legal, Compliance or your data privacy team, people with oversight of your corporation’s technology and its security, and representatives from the key personal data owners in your business (e.g. HR, Sales, Marketing, Customer Service).
Get started with a data inventory. Prioritise information stores likely to contain personal data and those with poor governance. Be practical: start with those that are easy to create an inventory from.
Don’t rely on your corporation’s answers to questionnaires for your data inventory, or you will get an idealistic view of your risk (your head of marketing is likely to say the personal data they process is in the marketing system, forgetting that it got there via email and has been exported into spreadsheets). You will need technology to do this effectively (and we can help!)
Establish a culture of security and privacy and ingrain this into your day-to-day operations. Communicate a simplified overview of CCPA to the key stakeholders.
Create and practise the business processes that will be required to satisfy the rights of the individual (access to data, erasure, breach notification).
CCPA versus GDPR
There are many similarities and some key differences between GDPR and CCPA. Here is Exonar’s take:
Basis for consent
Who it applies to
GDPR: Any organisation holding personal data on EU citizens
CCPA: For-profit entities that process personal data of California residents and either:
Do $24 million in annual revenue
Hold the personal data of 50,000 people, households, or devices
Do at least half of their revenue in the sale of personal data.
Rights for individuals
GDPR: Access to data being held, right to erasure, correction, object to automated processing. Right to notification if there is a data breach.
CCPA: Right to disclosure and objection relating to who data is being sold to, no discrimination if individual objects to data sold. Right of access to data being held. Right to know how personal data is being used. Right to know who data has been provided to.
When does it come into force
GDPR: May 25, 2018
CCPA: Jan 1, 2020
GDPR: 4% of turnover or €20m (whichever is greater)
CCPA: $7,500 per violation. $750 or actual damages for each individual, whichever is greater
Time allowed to respond to a request
NB: a California resident is defined as “(1) every individual who is in the State for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State who is outside the State for a temporary or transitory purpose.”
The Definitive, Easily Searchable Text
Follow the link below to read the full California Consumer Privacy Act text, with each section clearly marked and searchable.
The legislature passed the California Consumer Privacy Act 2018 (AB 375) on June 29th 2018, and these new rules will now govern most organisations holding data on US Citizens.