How to Prepare for ‘California’s GDPR’

by Pushpa Ithal | Aug 21, 2018 | Social Media Marketing | 0 comments

These 4 letters, GDPR, have probably been floating around your inbox over the past few months and have likely caused an increase in pop-up windows asking for your approval to use cookies and collect your data.

Not too long ago we published a blog post about The Buzz About GDPR and what marketers need to know to comply with GDPR.

And now we want you to know how to prepare for ‘California’s GDPR,’ AB 375. This new assembly bill was passed in late June 2018 and it takes effect in January 2020. Theoretically though, organizations should implement CCPA-compliant practices by January 1, 2019. This will allow consumers to request up to 12 months of personal data that the company has previously collected about them.

What is the CCPA:

The general purpose of the California Consumer Privacy Act (CCPA) is similar to the EU’s GDPR; increased consumer privacy. CCPA allows consumers to request any information that a company has obtained about them. Even if a data breach has not occurred, consumers have the right to sue a company if privacy policies are violated.

So, who does CCPA affect?

CCPA applies to companies that meet the following criteria:

– Earn at least $25 million in annual revenue;
– Have personal data on at least 50,000 households, individuals, or device;
– Earn 50% or more annual revenue from consumer personal data

Companies do not need to be based in California or the U.S. for that matter to fall under CCPA. Specific exemptions apply to healthcare providers and others.

What changes do Marketers need to implement?

Under the CCPA, consumers have additional rights pertaining to their data, including the power to request customer data. To comply, marketers must be prepared to…

– Share what information you collect on them
– Disclose to whom you have sold or shared their information
– Cease the sale of their personal information (“the right to opt out”)
– Delete their personal information
– Provide equal service and/or price even when they invoke their rights

CCPA does not explicitly require consumers to opt-in to allow you to collect their data, which is a critical difference from GDPR.

A company that is found to be not in compliance with CCPA has up to 30 days to remedy the violation, or be faced with a $7,500 fine per record.

While organizations have quite some time to prepare for these process and regulatory changes, it is critical to comply with CCPA to avoid hefty fines. Here are multiple steps that organizations can prepare in order to comply: