Privacy experts often compare the CCPA to the GDPR because CCPA borrows most of the EU Data Protection law concepts. The five new rights that have been awarded to Californians are:
- A right to know what personal information is being collected about them,
- A right to know whether their personal information is sold or disclosed and to whom,
- A right to say no to the sale of personal information,
- A right to access their personal information, and
- A right to equal service and price, even if they exercise their privacy rights.
We offer the following services:
Similar to GDPR Assessment we offer three steps process for CCPA assessment.
Control Information Flow - Understand where sensitive information travels throughout your organization to safeguard it with your program appropriately
Build Privacy Processes - Build the policies and processes you need for privacy protection, privacy impact assessment, policy management, and other program areas include technology solutions to manage GDPR data subject rights such as consent, right to deletion, etc.
Maintain Privacy and Compliance - Whether you have an official data protection officer on your team or not, we will build repeatable processes for your organization
Technology solution deployment steps:
- Privacy Impact Assessment – Initiation and analysis
- Compliance road map – Core team, pilot, and solution identification
- Compliance solutions – Enterprise rollout and training
- Steady-state – SLA and Continuous improvement
We perform the following tasks:
- Advise clients on the scope
- Guide and educate our client’s team on:
- Design a custom approach on how to create an effective data protection program
- Assist in performing Data Privacy Impact Analysis (DPIA)
- Assist in the implementation of the program or assess the existing one to identify gaps and remediate
- Train the staff using SECURETAIN training modules
- Train the staff on how to monitor the program to ensure sustainability and effectiveness of the privacy and data protection program
The CCPA assessment defines personal information more broadly than California’s other laws. It includes any information that directly or indirectly identifies, describes, relates to, is capable of being associated with, or can reasonably link to a consumer or household. Households are included in the threshold for a covered business under the law. If a business alone or in combination annually buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices, then the CCPA applies.