CCPA 2020 Compliance Templates
Derek Coleman, 12/18/2019 8:59:06 AM, 12/27/2019 6:54:36 AM
When do you need to comply with the California CCPA? The new CCPA amendments to the California Civil Code go into effect on January 1, 2020. The European Union General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) took effect on May 25, 2018, replacing the EU Directive, and its member states started implementing the laws. On June 28, 2018, California became the first U.S. state with a comprehensive consumer privacy law when it enacted the California Consumer Privacy Act of 2018 (CCPA) with a few exceptions (Cal. Civ. Code § 1798.100-1798.199).
Therefore, businesses need to have their data controlling systems in place, since the CCPA gives consumers the right to request all the Personal Information (PI) that a company has collected on them during 2019. Given their comprehensiveness and broad reach, each law may have a significant impact on entities that collect and process personal information/data.
Check out these fit-for-purpose CCPA Compliance Toolkit templates here:
The CCPA will impact many businesses and business activities not previously subject to privacy regulations in the United States. The law is not limited in scope to entities that have physical operations in California; it covers any for-profit entity “doing business” in California that collects consumers' personal information and satisfies at least one of these thresholds:
- gross annual revenue in excess of USD$25 million;
- possesses the personal data of 50,000 or more consumers, households, or devices;
- earns more than half of its annual revenue from selling consumers' personal data;
- annually purchases, receives for commercial purposes, sells or shares for commercial purposes personal information of 50,000 or more California consumers, households or devices;
- derives 50% or more of its annual revenues from selling California consumers’ personal information.
What steps to take to become CCPA Compliant?
- Verify that CCPA applies to your business;
- Inspect which data elements are collected from residents covered by CCPA;
- Document and organize how CCPA PI (Personal Information) should be handled;
- Update website home page;
- Ensure a process is in place that documents and collects all PI data being stored;
- Set up an Accountability, Response, and Collection Process to handle "Request for PI";
- Create policies that reconcile the CCPA’s requirement to delete data upon request (incl. need to preserve evidence in litigation and avoid sanctions for spoliation of evidence);
- Set up a process to respond to and process "Request for Deletion";
- Set up "right to Opt-in" for Minors;
- Provide Employee Training;
- Review existing contracts with third parties regarding the usage of PI;
- Ensure that consumers protected by CCPA have the right to equal service and price;
- Set up an Incident Response Plan;
- Consider appointing a responsible Project Manager, such as an Information Protection Officer or Data Protection Officer, to implement the changes (not required by CCPA).
If you wish to start your journey to become GDPR Compliant today, then you should also check out this Free CCPA Compliance Roadmap Gantt Chart template:
Get ready for CCPA! Below we collected the following CCPA templates for you, to help you become compliant:
Is your organization already CCPA proof? Do you need to implement an Information Protection Impact Assessment Log? Make sure to have a look at this Excel spread