In previous blogs, we’ve shared initial information about the California Consumer Privacy Act (CCPA), which is the first comprehensive data privacy law issued by any state, and the European Union’s already-issued General Data Protection Regulation (GDPR).
Is your business impacted? If you collect any type of personal data on Californians or citizens of the EU (even if they aren’t currently living there), it’s likely. Think items such as IP addresses, internet cookies, email addresses, any location information, medical data and more.
To better understand and initially assess the potential impact on your own business, take the time to read Are You Ready for the New Year? What You Need to Know About Consumer Privacy as well as What You Need to Know About GDPR.
WHAT SHOULD YOU BE DOING NOW?
The GDPR is already in effect. The CCPA becomes effective January 1, 2020. So what should you be doing right now to get ready?
If you’ve already updated processes to follow the GDPR, you’re a bit ahead of the game, as the CCPA replicates many of the same requirements defined by the GDPR. However, the definition of “personal data” has been expanded in the CCPA with additional categories added. There are also more restrictions on the sharing of data with third parties.
That means step one is reviewing the legislation and creating a checklist of all potential points of information exchange and required protection.
Step two necessitates a comprehensive review of current business processes and creation of new procedures as necessary. Be sure to include an evaluation of vendor relationships as well—what are you sharing or selling with others? You may decide this opens you to too much risk or you may be able to simply add some additional safeguards.
Obviously, there is not a one-size-fits-all solution, so these two important steps must be completely tailored to your unique situation. To help you get started, consider this helpful checklist created by Truyo, a collaboration between Intel® and IntraEdge.
WHAT SHOULD YOU BE DOING SOON?
Those first two steps should keep you plenty busy through the end of this year’s second quarter, or six months out from the start of the CCPA. After that, you’ll need to focus on further refinements. California’s Attorney General is expected to provide some additional guidelines to help with this during the third quarter and, depending on what’s issued, you may have to make additional modifications. Fourth quarter should be reserved for final review of changes and process testing.
To help you with this third and fourth quarter push, our plan is to share more details as they become available, so be sure to keep checking in to MJ Insight. And if you have questions in the meantime, please don’t hesitate to contact your MJ Consultant.