California GDPR: What Needs to be Done in 2020

cali (3)_LI

On January 1st 2020, the California Consumer Privacy Act (CCPA) of 2018 will go into effect for the State of California. Compared to Europe’s General Data Protection Regulation (GDPR), the act creates a standard of protection in which tech companies and those that collect personal data as part of their business model must abide by to protect their customers.

The general guidelines include protecting people from their data from being stolen or compromised. Among the major regulations, consumers have:

  1. the right to know, through a general privacy policy and with more specifics available upon request, what personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold;
  2. the right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent their, or their parent’s, opt-in);
  3. the right to have a business delete their personal information, with some exceptions; and
  4. the right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.[1]

As it stands, only certain companies will be affected by the new regulation. All of the companies affected involve business in the State of California. They must have; have $25 Million in gross annual revenue; or annually buy, sell and receive for commercial purposes personal information of 50,000 Californian; or derive 50% of their annual revenue from selling said information. One company that will clearly come under this act would be Facebook as it makes moving that data around their business model.

If you do a lot of business in California, you must understand the new law and be prepared for it to come into effect. Though it will be changed in the months leading to the effective date, it pays to be prepared to deal with this Act now.




GDPR, professional liabilty

Recent Posts


See all