The California Consumer Privacy Act (CCPA) was passed on June 28th, 2018. Similar to the GDPR, the CCPA will require companies in scope to enhance data privacy management practices, expand individual rights processes, and update privacy policies by January 1, 2020. Those who have experience managing GDPR compliance know the importance and benefit of starting early. While some may have a head start, creating processes to manage new and ongoing compliance obligations under the CCPA will be a large undertaking of its own. Americaneagle.com and TrustArc, a leader in privacy compliance technology, have partnered to bring you 5 tips to help you jumpstart your CCPA compliance plan.
1. Start early.
2. Understand fines associated with CCPA violations.
3. Secure a budget.
4. Leverage GDPR and other existing privacy program efforts.
5. Organize your compliance program with these three pillars.
People - Identify the team members who will be responsible for conducting the tasks and whose informational inputs are necessary for a comprehensive assessment. Ensure that everyone involved is trained on the process and technology. Ideally team members will be well versed in data privacy management requirements and best practices.
Process - Design the workflow of information gathering and identify gaps against the requirements. Leveraging best practices and templates in questionnaire form instead of manual checklists will build efficiency. A business will likely need multiple templates to address different types of risk; however, a single template may be effectively used to address a set of processing operations that present similar high risks.
Technology - Privacy technology platforms with built-in digital data discovery, data inventory, DPIA / PIA and assessment templates, cookie consent, workflows, and reporting will enable a team to collaborate, guide the workflow process, serve as the central repository of compliance evidence, and facilitate ongoing periodic audits that reflect business changes.