If you thought EU’s General Data Protection Regulation was demanding, wait until you see The California Consumer Privacy Act (CCPA)

2018 was the year of EU General Data Protection Regulation (GDPR), and the risk of financial penalties for a data breach went up dramatically, not just for the EU, but for the world. Those who did not get ahead of the new law thought the Information Commissioner’s Office (ICO) would not enforce GDPR… they were quite mistaken. To date, the ICO has issued 73 monetary penalties, 31 enforcement notices, and 13 prosecutions. Based on the current business climate, I would venture to say that the California Consumer Privacy Act (CCPA) is going to be just as impactful, if not more.

With California being the 5th largest economy in the world, it’s no surprise that they are implementing their own privacy act. The CCPA goes into effect on January 1, 2020, with enforcement scheduled to go into effect on or before July 1, 2020. I remember lots of buzz around GDPR, some “hurry up and wait,” and then eventually action. I think CCPA will unfold similarly.

Baker Hostetler, one of the nation’s largest law firms, put together a wonderful CCPA and GDPR Comparison Chart that compares the two regulations to one another that any size company can benefit from.

One significant and critical similarity between the two regulations is that they both call for data encryption and makes clear that businesses need to make this new law a top priority. If a company experiences a data breach, but the data is encrypted, (meaning it is unintelligible), then that company’s obligations are reduced, and they are not required to notify people involved in the data breach. There will be many changes as a result of the CCPA and staying proactive in your company’s approach to handling data will become an increasingly important part of your business strategy.

To learn more about ETHIX360 and how we can help, please visit www.ethix360.com.


Stephanie Jenkins is the Chief Compliance Officer at ETHIX360. At ETHIX360, our goal is simple, to provide an affordable, flexible and comprehensive answer to whistleblower/ hotline and case management on issues related to human resources, corporate ethics, code of conduct, fraud, bribery, conflicts of interest and safety to name a few. To stay up-to-date on the latest compliance and HR related news follow us on Twitter @ethix360, on Facebook or LinkedIn