How to Fully Implement Your CCPA Compliance Program
This is the last article in my series on the California Consumer Privacy Act, otherwise known as the CCPA.
The first three articles addressed how to determine if the CCPA applies to your business, some common misconceptions about the CCPA, and how to meet the requirements of the CCPA.
This last article will talk about what you should do when you've set up your CCPA compliance processes to make sure that your program is fully implemented.
The first thing you want to do is make sure you train people in your organization who need to know about your compliance processes, and how you've set them up, and how to follow them.
This is critically important. The only thing worse than not having a compliance policy or process in place is having a process that nobody follows. So make sure that you take the time to train people in your organization that need to know how to comply with the processes that you've set up.
Second - if you have employees in California, be aware that you are obligated to provide them with a notice indicating what personal information you collect from them and how that information is used.
That requirement comes into place in January of 2021 — something to think about that you'll need to check off your to-do list.
The only thing worse than not having a compliance policy or process in place is having a process that nobody follows.
The third thing to keep in mind is to set up a process once a year to review your CCPA compliance program and any other data privacy compliance processes you've set up to make sure that they're up to date and, if there are any new requirements, that you take those into account and revise your policies and procedures accordingly.
Finally, the last thing to know is that you should keep an eye out for new data privacy requirements in California.
There will be additional data privacy obligations for companies doing business in California, because the voters in California passed a ballot measure on November 3, 2020 that will bring California data privacy law more in line with the EU General Data Protection Regulation. Although most of the new requirements will not take effect for another two years (until 2023), this is something companies will have to deal with at some point before then.
I hope you found this article series to be helpful.
If the CCPA does apply to your business and you need help figuring out what you need to do to comply, feel free to contact me.
I also developed a series of easy-to-use tools and templates to allow companies to develop a CCPA compliance program, either on their own or just with a little help from me.