After a massive data breach in mid-2018 affected 500,000 flyers, all eyes were on British Airways to see how GDPR penalties would be assessed against the company. And now we know the end result: British Airways was fined $230 million.
This is the largest penalty we’ve seen from GDPR to date, and it has set a heavy precedent. In the wake of GDPR, experts predicted that other governments would come out with their own data privacy laws — and it’s starting already with California.
For businesses whose operations include customers in Europe and the US, it’s critical to be in compliance not only with GDPR but also the upcoming California Consumer Privacy Act (CCPA), which is set to become law on January 1, 2020.
Read on to understand the risks of failing to be compliant, and steps you can take to get up to speed with data privacy legislation.
What We Know About CCPA
The letter of the law is still being finalized, but here are the details so far according to The National Law Review:
- The rules apply to any company doing business in California with over $25 million in annual revenue or information on 50,000 or more California households.
- CCPA expands the previous definition of “personal information” and requires companies to be more transparent about how they’re collecting and leveraging digital data.
- If the rules are not followed, fines start at $2,500 per violation and go up significantly from there.
Note: it may be difficult — or impossible — to ascertain where your consumers actually reside, so it is wise for any company that does business in the United States to abide by CCPA.
Why Your Business Cannot Ignore CCPA
After enforcement ramps up, non-compliance will become a significant financial liability for businesses affected by CCPA — and fines are just the start. Your company is at greater risk of a data-related incident (such as a breach) if you fail to comply with CCPA. Recovering from these incidents is expensive in terms of business interruptions, emergency IT assistance, and resulting lawsuits. Beyond that, data breaches damage the reputation of a company long-term, leading to incalculable amounts of lost revenue.
CCPA creates a powerful incentive for companies to follow best practices and treat data security seriously, lowering the risk of data breaches and unhappy customers in the process.
While it may seem overwhelming to keep up with these evolving regulations, CCPA is something companies should embrace not only to avoid fines, but also to serve the interests and demands of their consumers. Consumers are expecting more from brands they use and trust when it comes to providing transparency into how their data is managed. Informed consumers can make, and have already started to make, purchase decisions based partially on data privacy and security.
It’s smart to be proactive. It is likely that California won’t be the last state or other government agency to release its own data protection law. Getting compliant with data privacy best practices puts your company in a good position for the future.
Start consulting with your legal team immediately. These rules go into effect soon, so now is the time to explore the impact on every aspect of your operations.
Helpful Resources to Get Ready for CCPA
Every company collects, stores, and utilizes data a little differently, so there is no one-size-fits-all method to get compliant. Plus, lawmakers are still ironing out details that will affect how companies can (and must) handle their data.
Here’s what we recommend:
- Review this comparison chart and this resource describing GDPR vs CCPA. Familiarize yourself with the two laws. Both of the resources we’ve linked to come from publishers that have written extensively about California’s new legislation; it’s a good idea to check back with them often for updates and reference points.
- Talk to your legal team. The importance of this cannot be overstated. Your lawyers will know what’s best for your business and can give you insight on how CCPA affects you.
- Once you have personalized recommendations from your legal team, partner with an expert technology consultant like RelationEdge. We offer pre-packaged solutions to guide you through compliance and update your tools and platforms accordingly. Our experienced engineers and architects can help you determine what essential questions to ask your legal team and how to move forward with the information they give you.
How RelationEdge Can Support You with CCPA and GDPR
Making the technical changes necessary to comply with CCPA is key. Rather than overextending your IT resources or risking non-compliance, partner with RelationEdge to implement the data protection processes and practices your legal team has identified for your business. You can also contact us if you need help identifying what questions to ask your team.
Our pre-packaged data privacy solutions give you a starting point to ensure you’re capturing the required information. From there, we partner with you to understand your unique business processes to ensure your compliance needs are met.
RelationEdge is a team of professionals that can help guide you as you get ready for CCPA — and any future data protection laws that arise. We’ll help you ensure you approach data privacy in a way that makes the most sense for your business and that you’re being paired with the solution that will work for you long term.
Contact us today to start a conversation.