Who doesn’t know about the California Consumer Privacy Act (CCPA) compliance? Organisations are undoubtedly busy in taking precautionary measures because less than four months are remaining for CCPA to come into effect. The clock is ticking faster and warning the cybersecurity to prepare.
The California Consumer Privacy Act is an essential part of US privacy legislation, but it is entirely predictable that it will not last long. The reason is the bills are already present in the works in Washington, Hawaii, Massachusetts, New Mexico, Rhode Island, and Maryland. The CCPA framework resembles the European Union General Data Protection Regulation (GDPR). But two bills can’t have the same rules; therefore, there are slight differences amid them.
GDPR has imposed its hefty fines on many, but there is one thing which is taught us is, companies didn’t give themselves enough time to prepare for this regulation. Several pieces of research stated that companies don’t know how much time and money it takes to be a complaint. When CCPA is about to take action on January 1, 2020, the steps which you will read in this blog will help you with a sustainable compliance program. So let’s crack on those six actionable steps to procure CCPA compliance.
2) Notification Banner Implementation
3) Build your data inventory
Sustained compliance is a continuous process that demands granular visibility into dynamic business systems. Manually conducted surveys and questionnaires can build data inventory. But, these are time-consuming, error-prone and immediately outdated. Moreover, it is harder without additional processes to update, when new systems come online. Companies seeking sustainable compliance must create solutions to integrate business systems for streamlining the response to California consumer privacy rights.
4) Establish a workflow to respond to consumer rights requests
The CCPA rights could introduce another tedious process in your to-do list, only if your company is not preparing by integrating its business systems. To manage these privacy requests manually requires complex data inventories to appraise owners of multiple systems that data needs to be deleted. It can be converted into an expensive process ever since legal counsel is constantly managing these requests.
5) Hard deletes aren’t easy
The right to be deleted is the main difference between hard delete and soft delete. Soft delete is removing information from a dashboard, but no one can say that it has been deleted from the processor. A hard delete requires an email send to the processor to make sure the data deletion process is completed, both by their sub-processors and by them. This is also a monotonous manual process when business systems are un-integrated.
6) Third-party providers
After witnessing the hard deletes, it is mandatory to confirm that providers and partners of third-party service, that store protected data have also implemented on this entire sustainable compliance model. Implement on the contractual obligation, like data privacy agreement. The reason is to make sure that your partners are working on your company’s standards. If your service providers haven’t completed their data inventories, do help them.
Before coming into effect on January 1, 2020, the CCPA has created plenty of new compliance requirements for businesses. Reduce the stress and take an edge by preparing in advance. The keys to success are finding solutions and figuring out where data lies internally. It is useless to procrastinate compliance; people have already seen enough through GDPR.
Your Compliance solution