So You’re Compliant with GDPR; Time to Get Ready for The California Consumer Privacy Act (CCPA)


If you thought the EU’s General Data Protection Regulation was demanding, wait until you see the California Consumer Privacy Act (CCPA).

2018 was the year of the EU General Data Protection Regulation (GDPR), and the risk of financial penalties for a data breach went up dramatically, not just for the EU, but for the world. Those who did not get ahead of the new law thought the Information Commissioner’s Office (ICO) would not enforce GDPR… they were quite mistaken. To date, the ICO has issued 73 monetary penalties, 31 enforcement notices, and 13 prosecutions. Based on the current business climate, I would venture to say that the California Consumer Privacy Act (CCPA) is going to be just as impactful, if not more.

With California being the 5th largest economy in the world, it’s no surprise that they are implementing their own privacy act. The CCPA goes into effect on January 1, 2020, with enforcement scheduled to go into effect on or before July 1, 2020. I remember lots of buzz around GDPR, some “hurry up and wait,” and then eventually action. I think CCPA will unfold similarly.

Baker Hostetler, one of the nation’s largest law firms, put together a wonderful CCPA and GDPR Comparison Chart that compares the two regulations and that a company of any size can benefit from.

One significant and critical similarity between the two regulations is that they both call for data encryption and make clear that businesses need to make this new law a top priority. If a company experiences a data breach but the data is encrypted (meaning it is unintelligible), then that company’s obligations are reduced, and it is not required to notify the people involved in the data breach. There will be many changes as a result of the CCPA, and staying proactive in your company’s approach to handling data will become an increasingly important part of your business strategy.

To learn more about ETHIX360 and how we can help, please visit www.ethix360.com.



MEET THE AUTHOR

Stephanie Farmer is the Chief Compliance Officer for ETHIX360 and a seasoned ethics and compliance (E&C) professional. She has earned an MA in both Business and Professional and Applied Ethics and is a graduate of The Ethics & Compliance Initiative Managing Ethics in an Organization Program. Prior to and during her E&C career, Stephanie served in the United States Marine Corps Reserves and the North Carolina Air National Guard.