Recent survey shows that companies aren’t ready for CCPA
Given that enforcement is moving forward in spite of Covid-19, businesses should ensure that they have achieved compliance, or can do so…
The California Consumer Privacy Act (“CCPA”) is the toughest data privacy law in the United States, and a game changer for companies around the world. Clym helps companies get their websites compliant with CCPA in an easy and cost-effective way.
CCPA is a state law that enhances privacy rights and consumer protections for residents of California. CCPA became effective on January 1, 2020 and enforceable as of July 1, 2020; the regulation requires affected companies collecting personal information from California residents (regardless of where the company is located) to implement CCPA-compliant protocols and procedures.
Personal information is any information that identifies, relates to, describes or could be linked to a consumer or household and includes data such as name, email, date of birth and even IP address.
Your business is subject to and needs to comply with CCPA if it collects data from California consumers and exceeds at least one of the following thresholds:
THERE ISN’T A ONE-SIZE-FITS-ALL SOLUTION TO DATA PRIVACY
Issue | CCPA | GDPR |
---|---|---|
Who Does The Regulation Apply To? | For-profit entities that process personal data of California residents and either: 1) earn more than $25 million in annual revenues; 2) collect and process personal data of more than 50,000 consumers; or 3) derive at least 50% of their revenues from “selling” personal data | Any organization (for-profit, non-profit and governmental) that processes personal data of European citizens and residents, regardless of the organization’s location |
Basis For Consent | Opt-out (data can be collected as long as a consumer can withdraw their consent) | Opt-in (no data can be collected without affirmative consent from a consumer) |
Penalties | Up to $7,500 (or actual damages) for each violation if enforced by the Attorney General; up to $750 (or actual damages) for each violation if enforced by an individual | The greater of 4% of annual revenues or €20 million |
Individual Rights Granted | Right to request information; right to data portability; right to opt-out; right to access data; right of disclosure; right to deletion; right to restrict sale of personal information | Right to be informed; right of access; right to rectification; right to erasure; right to restrict processing; right to data portability; right to object to processing; rights in relation to automated decision making and profiling |
CCPA is different from GDPR in that it doesn’t require websites to display a cookie banner, but CCPA does require websites to provide visitors with a way to “opt-out” of cookie collection, as well as to prevent a company from selling their information.
Clym’s flexible UI enables our companies to use a cookie banner for California customers if they choose, or they can decide to use our “privacy center” option, which replaces the cookie banner or popup with links to your privacy protocols in your website footer, reducing friction for your website visitors from California (and other jurisdictions where banners aren’t required).
CCPA enumerates certain rights for individuals, one of which requires companies to provide access to the data collected on individuals by facilitating Data Subject Access Requests (“DSARs”). That means that a consumer can compel your company to provide it with the following rights:
This last right is known as the “Do Not Sell My Personal Information” component of CCPA. If a consumer makes this request, your company cannot sell that consumer’s information for at least 12 months, after which the company can sell the consumer’s information provided that they obtain affirmative consent from the consumer to do so.
It is important to know that CCPA takes a broad view of the word “sell”, which the regulation defines as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
Based on our understanding of the regulation, if you’re running tracking scripts on your website, that’s considered to be selling personal information for purposes of CCPA.
CCPA requires that you respond to any DSAR within 45 days after receipt, which can be extended once for another 45 days provided you notify the consumer about the delay.
CCPA is here; it was passed as a law in 2018 and became effective on January 1, 2020 (Happy New Year, California!).
Yes, CCPA is a law that was enacted by the state of California (officially, it’s called Assembly Bill 375) and it was passed by the legislature in 2018.
CCPA is finalized and in effect, and it has been enforced since July 1, 2020. However, the state of California continues to provide guidance regarding the regulation.
Yes! Much of the CCPA was modeled after GDPR, though there are some significant differences between the regulations.
The courts have not yet addressed that matter; however, legal experts have stated that courts will likely have to determine whether CCPA’s cross-border implications violate the dormant commerce clause, and whether the vague definition of “personal information” is unconstitutionally void. Stay tuned!
CCPA provides five primary rights for CA residents:
Clym can help you make your website fully compliant with CCPA, GDPR, and LGPD and prepare you for upcoming privacy laws. Schedule a complimentary demo with one of our consultants and see how Clym can support your compliance journey.