CCPA Compliance Assessment for Privacy Programs
Start preparing for the California Consumer Privacy Act (CCPA) with a Compliance Assessment by the Clarip privacy software and team. Clarip can provide an initial assessment of your current state of CCPA compliance with gap identification and benchmarking against other privacy programs. Clarip can also help develop an action plan customized to your business, budget and current state of readiness to help you begin the journey to providing the law’s new rights to California consumers.
To start your CCPA compliance assessment, call 1-888-252-5653 to speak to a member of the Clarip team.
Start Planning for the California Privacy Law Now!
The CCPA goes into effect on January 1, 2020 and the 12 month lookback period for the privacy disclosures has already begun. It is crucial for covered businesses to begin preparations immediately as there are less than nine months to go. Even last year, organizations were expressing skepticism about their ability to meet the law’s deadline. With the first draft of the California Attorney General’s regulations anticipated for Fall 2019, organizations need to do as much as they can ahead of that announcement so that they have the time to make necessary adjustments following that period.
Enforcement by the California Attorney General of the CCPA will be delayed up to six months and could start as late as July 1, 2020. However, this does not mean that an organization can rely on the extra four to six months to delay development of their data privacy program. The disclosure requirements go into effect on January 1st and the private right of action for data breaches does as well.
What can you expect from your privacy program assessment?
Assess Readiness – A strong data privacy and compliance program is essential to meeting the obligations and consumer expectations of the CCPA. An organization that does not have the internal processes in place to provide transparency on its practices to consumers, as well as control over their data, will need to make significant internal adjustments in order to be ready.
Benchmarking – Organizations need to understand how other businesses are responding to the law in order to avoid being the company with the weakest data privacy practices. Benchmarking is a crucial aspect to this endeavor. Clarip can help your organization understand how other companies are moving toward CCPA compliance.
Action Plan – Clarip will develop an action plan tailored to your business, budget and readiness to help your organization from its current state to an enhanced privacy program that can meet the challenges of CCPA. This plan can be implemented internally by your organization or with the assistance of the Clarip software and team.
Frequently Asked Questions:
If my organization is ready for GDPR, do I need a CCPA assessment?
The short answer is yes.
First, many organizations limited the scope of their GDPR preparations to their European divisions or operations. If your company prepared for GDPR but excluded its California data, then it needs to go through the process again for California. Additionally, if the individuals running European operations are separate and distinct from the individuals that will execute on the CCPA privacy requirements, additional work will need to be done.
Second, even if the requirements of GDPR and CCPA were the same (which they definitely are not), many organizations are still in the process of enhancing their privacy practices for the new European privacy law. Despite the May 2018 enforcement date, numerous benchmarking surveys have indicated that organizations were not ready at that point. If your organization is still in process, a compliance assessment is a good way to make sure that the key features needed for the CCPA have already been implemented. Additionally, if your data subject access rights (DSAR) process is manual, it may not be able to stand up to additional pressure from implementation for another 40 million people if your organization has a large number of California consumers.
Finally, California imposes different requirements than GDPR. GDPR does not provide for implementation of a Do Not Sell My Personal Information button. California has a training requirement not present in GDPR. The exemptions and disclosure obligations are also different between GDPR and CCPA. An organization simply can not assume that they are prepared for CCPA because they have implemented GDPR. Indeed, for some businesses it may pose a bigger challenge as they try to figure out how to effectively merge the two regulations into an overall privacy program.
Why Hire Clarip?
Clarip has the technology and experience to provide your organization a meaningful outside look on its privacy program. From your privacy disclosures to your data subject access rights (or individual rights), Clarip will use its software and deep privacy knowledge to help put your organization on the path to success in California.
For additional information about our CCPA Assessments, please call 1-888-252-5653 to speak to a member of the Clarip team.