THE CALIFORNIA CCPA DATA PRIVACY LAW

Get compliant today

BOOK A FREE CONSULTATION

By submitting this form, you consent to be contacted about products and services from members of Relentless. Relentless is committed to safeguarding your privacy. If you require  further  information on how we collect and use your personal data, please read our Privacy Policy

THE CALIFORNIA CCPA DATA PRIVACY LAW

California CCPA  Privacy Act

The CCPA is the beginning of “America’s GDPR.” Similar to the GDPR, the CCPA will require organizations to focus on user data and provide transparency in how they’re collecting, sharing and using such data. But to what extent can a company extend its GDPR capabilities into its California operations to prepare for CCPA? Certain CCPA requirements overlap with the existing GDPR individual rights requirements, which may give GDPR-ready organizations a jump start on building a capability around user-data handling practices. Still, several policies, processes and systems will still need updating to address differences between the two laws.

Is your business going to be affected by the CCPA?

First and foremost, the CCPA only applies to for-profit companies. These companies must collect and process personal information of Californians, but do not need to maintain a physical location in the state. The business must comply with CCPA requirements if it meets even ONE of the following criteria:

  • The business must generate annual gross revenue in excess of $25 million;
  • The business must receive or share personal information of more than 50,000 California residents annually; or
  • The business must derive at least 50 percent of its annual revenue by selling the personal information of California residents.

1) Assess the CCPA’s applicability to your business 

Determine whether your business falls within the scope of the CCPA. The CCPA applies to businesses that: 

  • Collect California consumers’ personal information and either have annual gross revenues in excess of $25m 
  • Process the personal information of 50,000 or more California consumers, households, or devices 
  • Derive 50% or more of their annual revenues from selling California consumers’ personal information 

Note that the CCPA has broad applicability and protects the information of California residents (not only when they are present in California). This means that certain “geofencing” strategies that were used to avoid the applicability of the GDPR may not be sufficient in the case of the CCPA. 

Data Controller

  • For-profit controllers that meet the following thresholds:
  •  Annual gross revenue over $25M.
  • Buys/sells or receives/shares for “commercial purposes” the data of 50,000 California residents.
  • Derives 50 percent of revenue from “selling” personal data of California residents.
    If a controller qualifies under the thresholds, parent companies and subsidiaries in the same corporate group operating under the same brand also qualify.

Data Processor

A “service provider” is a for profit entity that acts as a processor to a “business” and that receives the data for “business purposes” under a written contract containing certain provisions. 
In addition, the CCPA uses the term “third party” to refer to entities that are neither business nor service providers.

Privacy Notice /
Information Right

Businesses must inform consumers
about:

  • The personal information categories
    collected.
  • The intended use purposes for each
    category.

Further notice is required to:

  • Collect additional personal information categories.
  • Use collected personal information or unrelated purposes.

The CCPA requires that businesses
provide specific information to
consumers and establishes delivery
requirements.
Third parties must also give consumers
explicit notice and an opportunity to
opt out before re-selling personal
information that the third party acquired
from another business

The California AG may bring actions for civil penalties of $2,500 per violation, or up to $7,500 per violation if intentional.
However, the CCPA also grants
businesses a 30-day cure period for
noticed violations.

Relentless Your CCPA Partner of Choice

Relentless Privacy and Compliance Services provides quality, cost-effective compliance, assurance and global privacy maturity services to companies of all sizes.

 

Through the use of technology and our centralized, streamlined structure, we are able to serve our clients in the timeliest manner and with the highest level of efficiency. And because of our unique model and approach, we are able to deliver this exceptional service at highly competitive rates.

 

We have 20+ years of compliance and assurance experience and are committed to providing a personalized and responsive service.

With a tailor-made approach, we work with our clients in executing each project to their specific need and help maximize the long-term business value of their compliance and privacy assurance strategies ensuring their global operations remain within the law.

Relentless CCPA Service What's Included?

Our California CCPA Service Includes the Following Assessment

  • CCPA Assessment
  • Dedicated DPO
  • Unlimited Support Calls
  • Unlimited Email Support
  • Data Mapping
  • Record of Processing Activities
  • Subject Access Request Service
  • Data Risk Assessments
  • Data Breach Support
  • Data Protection Policy Writing
  • CCPA Data Privacy Framework Design
  • CCPA Privacy Maturity Gap Analysis and Remediation Report
california ccpa

BOOK A FREE CONSULTATION

At relentless we have helped companies from startups to PLC’s our
services are rich, comprehensive, and built for every budget

error: Content is protected !!