2B Advice PrIME for CCPA Compliance
Have you begun your journey to CCPA compliance? The California Consumer Privacy Act, or CCPA, creates a number of new rights for consumers and considerable compliance concerns for businesses with connections to California and its residents. Create a culture of privacy and ensure your company becomes and stays compliant with the new California Consumer Privacy Act by using CCPA compliance software from 2B Advice.
2B Advice brings deep legal expertise combined with the excellence of German engineering to empower companies with the knowhow, training, and technology that they need to meet today’s changing privacy environments. Our goal is to make meeting all CCPA compliance requirements simple and stress-free for you. Our easy-to-use 2B Advice PrIME software puts the power of compliance in the hands of your employees.
2B Advice PrIME is comprehensive privacy management and compliance software that places the power of managing policies, processing activities, internal and external assessments, data type tracking, reporting, compliance, employee training, policy generation, data subject request management, risk mitigation, and reporting at your fingertips. 2B Advice PrIME provides the everyday usability, performance, and functionality for legal, marketing, security, compliance, risk managers, data protection officers, and other users to manage a growing number of privacy regulations around the globe, including CCPA regulations.
What is CCPA?
The California Consumer Privacy Act (CCPA) is a state law that applies to for-profit companies that do business in California.
“I think part of the misconception is around who is covered by CCPA; the nexus is the California Consumer, not the location of the business” – Mary Stone Ross, Privacy Advocate and Co-Author of the California Consumer Privacy Act
There are the three types of companies doing business in California that are covered by CCPA:
- Companies with more than $25 million in gross revenue
- Businesses with data on more than 50,000 consumers, households or devices
- Business that derive more than 50 percent of their annual revenues selling consumer data (i.e. data brokers)
CCPA affords consumer rights under the law including disclosure about personal information being collected about them, access to that information, right to deletion, and the right to opt out of the sale of their information.
When does CCPA go into effect?
The CCPA law goes into effect January 1, 2020. If you are a business under CCPA, on January 1, you need to have your data tracking systems in place and to be able to comply with a right to know request on data collected on them over the previous 12 months. That means you have to know what information you have, and put in place a system that can send it to the consumer. The California attorney general shall not bring an enforcement action until 6 months after the publication of such regulations or July 1, 2020.
What are CCPA penalties for non-compliance?
The CCPA will be enforced by the California Attorney General, who may pursue statutory penalties which can go up to $7,500 per violation. The Act also provides for a private right of action in specific circumstances. For instance, if “non-encrypted or non-redacted” consumer information is compromised because of a failure of reasonable security, a consumer may bring a legal action for statutory damages ranging from $100 to $750 per violation or actual damages, whichever is greater.
What is the difference between GDPR and CCPA?
Though modeled after the GDPR, which went into effect May 2018, there are both similarities and differences that should be understood between CCPA requirements and GDPR. To learn more, download our easy to read side by side comparison.
One of the distinctions between the (GDPR) and the California Consumer Privacy Act (CCPA) is the definition of a Data Protection OfficerCCPA Requirements for 2020 for Businesses
5 Amendments clear up ambiguities around the CCPA requirements for 2020 for businesses.Schrems II Case: International Data Transfers Statement
Schrems II Case: The Court of Justice of the European Union (CJEU) Advocate General (GA) released his opinion on data transfers.