Solutions & services for GDPR and CCPA compliance Read More

Solutions & services for GDPR and CCPA compliance Read More

X Close

California Consumer Privacy Act (CCPA)

California Consumer Privacy Act (CCPA)

California Consumer Privacy Act (CCPA)

Also known as AB 375, the California Consumer Privacy Act of 2018 was passed in California and is anticipated to go into effect on January 1, 2020. The Act focuses exclusively on data collection and privacy, very similar to the European Union’s General Data Protection Regulation (GDPR). A few key components of the Act give residents of California the right to:

  • Know what personal data is being collected
  • Request details on how their data is being processed
  • Access their personal data
  • Request to have their personal data deleted
  • Know whether their personal data is sold or disclosed to third parties
  • Decline or opt-out of the sale of their personal data

Does CCPA apply to my company?

CCPA applies to companies that:

  • Have a gross annual revenue of at least $25 million (or)
  • Are a data broker or other business that buys, sells, or shares personal data of 50,000 or more consumers, households, or devices (or)
  • Get the majority of their annual revenue from selling consumers’ personal data

What are the potential consequences for violating the CCPA?

The Act gives residents of California the ability to bring a civil action against companies that violate the Act, and states that fines could be between $100-750 per violation – or higher, if more damage can be proven. In addition, the state of California can bring charges against a noncompliant company directly. Those fines could be up to $7,500 for each alleged violation not resolved within 30 days.

My business isn’t located in California. Why should I be concerned?

Well, California by itself is the 5th largest economy in the world. If you do business in California or collect data from California residents you need to comply. So, ignoring the California statues and marketplace regulations is unlikely to be an option. There’s good news however – the CCPA is largely in line with GDPR, so if your business is GDPR compliant, you’re probably in good shape for CCPA.

The landscape of privacy regulations is only getting more stringent. More regulations and legislation are coming –  in fact, a separate bill in California (AB 2546) is still under consideration to strengthen anti-spam laws. Be smart about your data collection and adopt a policy of “privacy by design.”

How we can help

Maintaining compliance with the growing data and privacy regulations across the globe is daunting. PossibleNOW’s sister company, CompliancePoint, provides the following consulting services related to CCPA

  • Determine if and how the CCPA legislation applies to you
  • Conduct a data mapping process to locate data and document how it is used
  • Establish what you should be doing today to prepare for CCPA
  • Improve your overall security and compliance position

Our MyPreferences platform collects, manages and distributes customer consent across your organization so that all systems remain up-to-date. It was built with Privacy by Design which enables it to easily accommodate ever-changing privacy regulations. MyPreferences helps companies comply with CCPA by:

  • Informing consumers of the personal information being collected and its intended use
  • Allowing consumers to access, update and delete their personal data
  • Providing a way for consumers to opt-out of the sale of their personal data

MyPreferences maintains an audit trail of all consent transaction records so that you can easily respond to inquiries.

Get the Research report on Privacy Support Providers


  • Twitter
  • RSS
  • YouTube
  • LinkedIn