CCPA

Five key requirements for the California Consumer Privacy Act

Requirement violations include penalty thresholds that may expose large California-based businesses to substantial risk. Both organizations with existing privacy capabilities, such as those developed for General Data Protection Regulation (GDPR) compliance, and those without any previous preparation may need the entire grace period before the deadline to deploy necessary capabilities. Our road map illustrates how companies can achieve CCPA readiness by 2020.

Companies serving or employing California residents may find these five CCPA requirements have the biggest impact on their business plans:

1. Data inventory and mapping of in-scope personal data and instances of “selling” data
2. New individual rights to data access and erasure
3. New individual right to opt-out of data selling
4. Updating service-level agreements with third-party data processors
5. Remediation of information security gaps and system vulnerabilities

Comparison of key GDPR and CCPA requirements

The CCPA is the beginning of “America’s GDPR.” Similar to the GDPR, the CCPA will require organizations to focus on user data and provide transparency in how they’re collecting, sharing and using such data. But to what extent can a company extend its GDPR capabilities into its California operations to prepare for CCPA? Certain CCPA requirements overlap with the existing GDPR individual rights requirements, which may give GDPR-ready organizations a jump start on building a capability around user-data handling practices. Still, several policies, processes and systems will still need updating to address differences between the two laws

Let Us Help You Achieve Compliance

Regents & Park consultants have been helping customers comply with State and Federal business and privacy regulations for more than a decade.

Working as either a full-service consultant, or as an adjunct to your in-house teams, Regents & Park will execute our phased compliance readiness process to ensure that your business meets or exceeds your compliance requirements.

Services include:

• Developing a Compliance Roadmap including the specific steps needed to achieve compliance.
• Creating a comprehensive information security policy.
• Performing an assessment to determine current level of regulatory compliance.
• Providing remediation for vulnerabilities detected on your systems.
• Deploying security infrastructure to protect California resident’s data.
• Encrypting your company’s laptops and other mobile devices.
• Securing your primary security infrastructure, including firewalls, VPN access, anti-phishing, and tools to protect against malicious code.