By now, you are most likely familiar with Europe’s GDPR. The General Data Protection Regulation requires any company doing business with citizens of the European Union to place appropriate technical and organizational measures to protect the data of their customers. It also grants individuals to request records of how their data is used and the ability to require that a company expunge any and all personal data they have stored.
The state of California recently adopted a similar set of rules, called the CCPA. The California Consumer Privacy Act will become law on January 1, 2020. The CCPA applies to companies that do business in California, and meet any single one of the following:
The CCPA grants California residents the following five rights:
GDPR and the CCPA are similar in the way that under both, consumers can request their data records and require that they are erased.
However, the two regulations also differ in several ways. Mainly, GDPR focuses on data rights and ownership, where has CCPA regulates the sales of personal information for profit. The CCPA grants rights only to individuals who are residents of California, as defined by those people who file income tax in the state.
One of the most significant parts of the CCPA is that it expands the definition of data to include information that is capable of being associated with or linked, directly or indirectly, with a particular California resident or household. This means that business under this law must be prepared to locate and disclose a much larger swath of information.
Under the CCPA, a business should also be ready to disclose its data collection practices, along with a description of the categories of data it collected over 12 months leading up to the request, where it was sourced, if it was shared or sold, and the types of parties that received it. All of this information must be provided to the individual that requests it within 45 days.
Businesses under the CCPA should review data contracts to ensure they have a full picture of where consumer data is going, how it used, and that it can be retrieved. They also need to provide an opt-out on their website so individuals can ask that their information not be disclosed or sold.
ringDNA falls under the new CCPA law and already has customers that do as well. Just like GDPR, ringDNA has ensured it is 100% compliant to CCPA so all current and potential partners are ready come January.
In the ringDNA admin controls, administrators have the ability to manage and delete customer data and our support and success teams are ready to help with any requests or questions.