The California Consumer Privacy Act (CCPA) is set to be the toughest privacy law in the United States. The act broadly expands the rights of consumers and requires businesses within scope to be significantly more transparent about how they collect, use, and disclose personal information. The act is one of the first laws to show that, as many jurisdictions have and are continuing to do, the U.S. may be trending toward more rigorous global privacy regulations. The CCPA was signed on June 28, 2018, is effective January 1, 2020, and enforcement is slated to begin no later than July 1, 2020. It has many similarities to the GDPR, from its extraterritorial reach to its expansive rights for individuals, and will impact tens of thousands of businesses worldwide that collect California consumers’ personal information.
Data protection management and compliance with the CCPA will be a challenging task. Most companies are planning to invest in external resources including technology solutions and consulting services. In recent “CCPA and GDPR Compliance Report” research, TrustArc found that 84% of respondents say that they have started the CCPA compliance process, but only 56% have started implementation.
Businesses that have prepared to comply with GDPR by creating comprehensive data governance practices, records of processing, and individual rights procedures will have a head start. But, under the CCPA, all companies in scope will need to enhance their data management practices, expand their individual rights processes, and update their privacy policies. According to research, 21% of respondents that also worked on GDPR compliance are ready for CCPA. However, out of the companies that haven’t worked with GDPR, only 6% are ready for CCPA. The overall compliance rate is currently 14%.
CCPA compliance requires diligent planning and training for teams on their roles in helping to implement CCPA compliance. Technology can help teams automate some of the otherwise manual processes, which will save time and help promote consistency. Technology can also assist teams to keep careful records – both for implementing programs that pertain to requirements such as responding to data subject access requests; and, for demonstrating compliance. Companies must carefully consider their privacy approach by selecting the best solutions and tools in order to achieve their privacy program management goals.
To help your company acquire a technology solution to efficiently manage CCPA compliance requirements, TrustArc has developed a comprehensive template you can use to help select the best privacy compliance solution for your company. The CCPA RFP Template benefits include:
- Comprehensive list of solution requirements to support CCPA compliance
- Flexible spreadsheet format for easy editing and collaboration
- Works for companies of all sizes across all industries
Request the TrustArc CCPA RFP Template here.
TrustArc can also help you develop a custom RFP for your business as well as provide guidance on the types of solutions that best fit your needs. To set up a free consultation, contact us today.