From January 1, 2020, the CCPA will protect the privacy of consumers based in California, one of the most populous states in the United States. Companies that infringe upon it can risk consumer backlash and huge fines, so it’s important you don’t let this one slip past. Read on to find out more!
What Is the CCPA?
As the name suggests, the CCPA is designed to protect consumers in California. From January 1, 2020, companies will be required to be transparent about the personal information they collect, sell, and disclose, and they must detail how it is used.
Consumers will have the right to access and request the categories and specific information that companies collect about them, and they can request the deletion of personal information that a company holds. Plus, for companies that sell or disclose consumers’ personal data, they must disclose the identity of third parties they sell to.
Consumers also have the right to opt out of the sale of their data and must not be discriminated against for doing so (e.g., consumers cannot be charged different prices or rates for exercising their CCPA rights).
Who Exactly Does the CCPA Impact?
The CCPA applies to companies that collect personal information of Californian residents, do business in California, and:
- Have annual gross revenues of $25 million+;
- Or buy, sell, or share for commercial purposes personal information of 50,000 or more consumers, households, or devices;
- Or earn 50%+ of annual revenues from the sale of personal information.
Since tech companies based in California profit from selling customer data to advertisers, the CCPA met with their disapproval. Many companies made efforts to delay the law as much as possible. Nevertheless, the CCPA comes into effect at the beginning of next year, enhancing privacy rights and consumer protection for people living in California.
What Is the Difference Between the CCPA and GDPR?
Being GDPR compliant doesn’t necessarily mean you are CCPA compliant. However, you might have already met some of the CCPA requirements because these two regulations overlap (and, of course, diverge). To put it simply, the GDPR grants consumers the rights to object to direct marketing and restrict the processing of their data, and the CCPA provides consumers with the right to object to the sale of their data.
What Is the Cost of Non-Compliance?
In addition to the PR nightmare that could follow non-compliance, companies can face a civil penalty of up to $2,500 per violation and up to $7,500 per intentional violation. This means that if you violate the CCPA-guaranteed right of just 100 users, you could be fined up to three-quarters of a million dollars.
What about Kentico and the CCPA Compliance?
We take the privacy of our customers very seriously, so Kentico provides functionality that helps you comply with the CCPA. To facilitate compliance with various legislations, you can leverage the Data Protection application. However, the features included still require exact knowledge of how your company gathers, processes, and stores personal data. Your developers need to implement the functionality based on the specifics of your website and the legal requirements you want to fulfill. To get more info, you can read all about how we handle data and privacy here.
If you want to get started with a product that helps you achieve compliance with the CCPA, you can request a demo today.