CCPA Certification and Compliance
To comply with the California Consumer Privacy Act (CCPA), you need to map your consumer data, update the privacy policies and notices on your website so that they fall in line with CCPA's requirements, set up a smooth and error-free process for handling consumer requests, provide data privacy training to your employees, and strengthen your data security system to prevent data breaches. If you are already GDPR compliant, you should be able to get CCPA compliance certification easily, because you have already done most of the work. This article explains what CCPA certification is and how to get CCPA compliance.
What is CCPA certification?
The California Consumer Privacy Act is a data privacy law that lets California consumers control the way their personal data is collected, stored, and shared with third parties. Businesses all over the world have to adhere to this law if they want to deal with California residents, provided they meet any of the following criteria:
- They have gross annual revenue of $25 million or more.
- They collect, buy, or sell personal data of 50,000 or more California residents, households, or devices.
- They generate at least 50% of their annual revenue by selling the personal information of California residents.
CCPA applies to all for-profit businesses meeting these criteria, even if they are not located in the USA. It gives consumers the right to see the data collected about them, to have that data deleted, and to ask companies to stop selling or sharing their data with third parties. The data could be any information linked to a specific individual or household, including geographical location, search history, shopping history, Social Security number, email, phone number, address, biometric data, etc.
Failure to comply with CCPA could invite a penalty of $2,500 in case of unintentional failure (primarily due to data breaches) and $7,500 in case of intentional failure.
How to get CCPA certification?
Step 1 – Map your data
This is the most labor-intensive task, but it can save a lot of time and effort when done right from the beginning. The personal information you collect can be segregated into two types: data for internal use and data that is shared with third parties.
Important information – CCPA states that consumers are not just buyers or prospects. They can be any California resident whose personal data is being collected: job applicants, employees, newsletter subscribers, or website visitors. Plus, every device used is counted as a single entity. So the 50,000 threshold doesn't just count people; it also counts devices and households.
Categorize your consumers first and then collect and keep only the personal information that you actually need. For example, for email subscriptions you only need an email address; for online purchases you would need to collect a person's shopping history, geographical location, brand/budget/color/quality preferences, etc.
Once you have categorized the data, decide what information you want to share or sell and what you want to keep internal. When the data is mapped thoroughly, it will be easier to process deletion requests and opt-out requests.
Step 2 – Update your privacy policies
Step 3 – Figure out how you are going to process consumer requests
Step 4 – Provide data privacy training to your employees
Step 5 – Strengthen your data security system
CCPA Data Privacy Course (on Udemy)
This course is easy to understand and provides a comprehensive overview of the California Consumer Privacy Act.