CCPA Compliance

The California Consumer Privacy Act (“CCPA”) is the toughest data privacy law in the United States, and a game changer for companies around the world. Clym helps companies get their websites compliant with CCPA in an easy and cost-effective way.

What is CCPA?

CCPA is a state law that enhances privacy rights and consumer protections for residents of California. CCPA became effective on January 1, 2020 and enforceable as of July 1, 2020; the regulation requires affected companies collecting personal information from California residents (regardless of where the company is located) to implement CCPA-compliant protocols and procedures.

Personal information is any information that identifies, relates to, describes or could be linked to a consumer or household and includes data such as name, email, date of birth and even IP address.

A BUSINESS DOESN’T NEED TO BE LOCATED IN CALIFORNIA TO BE SUBJECT TO CCPA

Who Does CCPA Apply To?

Your business is subject to and needs to comply with CCPA if it collects data from California consumers and exceeds at least one of the following thresholds:

  1. Earns annual revenues of more than $25 million;
  2. Collects and processes personal information of at least 50,000 consumers, households or devices; or
  3. Derives at least 50% of its annual revenues from “selling” consumers’ personal information.

THERE ISN’T A ONE-SIZE-FITS-ALL SOLUTION TO DATA PRIVACY

DIFFERENCES BETWEEN GDPR AND CCPA

CCPA vs GDPR

Who Does The Regulation Apply To?

  CCPA: For-profit entities that process personal data of California residents and either:
    1) Earn more than $25 million in annual revenues
    2) Collect and process personal data of more than 50,000 consumers
    3) Derive at least 50% of their revenues from “selling” personal data

  GDPR: Any organization (for-profit, non-profit and governmental) that processes personal data of European citizens and residents, regardless of the organization’s location

Basis For Consent

  CCPA: Opt-out (data can be collected as long as a consumer can withdraw their consent)

  GDPR: Opt-in (no data can be collected without affirmative consent from a consumer)

Penalties

  CCPA:
    • Up to $7,500 (or actual damages) for each violation if enforced by the Attorney General
    • Up to $750 (or actual damages) for each violation if enforced by an individual

  GDPR: The greater of 4% of annual revenues or €20 million

Individual Rights Granted

  CCPA:
    • Right to request information
    • Right to data portability
    • Right to opt-out
    • Right to access data
    • Right of disclosure
    • Right to deletion
    • Right to restrict sale of personal information

  GDPR:
    • Right to be informed
    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restrict processing
    • Right to data portability
    • Right to object to processing
    • Rights in relation to automated decision making and profiling

HOW TO GET YOUR WEBSITE CCPA COMPLIANT

How To Set Up Your Cookie Banner for CCPA

CCPA is different from GDPR in that it doesn’t require websites to display a cookie banner, but CCPA does require websites to provide visitors with a way to “opt-out” of cookie collection, as well as to prevent a company from selling their information.

Clym’s flexible UI lets companies use a cookie banner for California customers if they choose, or use our “privacy center” option, which replaces the cookie banner or popup with links to your privacy protocols in your website footer, reducing friction for your website visitors from California (and other jurisdictions where banners aren’t required).

MANAGING DATA SUBJECT ACCESS AND “DO NOT SELL” REQUESTS

How to handle “Do Not Sell My Personal Information” requests

CCPA enumerates certain rights for individuals, one of which requires companies to provide access to the data collected on individuals by facilitating Data Subject Access Requests (“DSARs”). That means that a consumer can compel your company to provide them with the following rights:

  • Right to request information
  • Right to data portability
  • Right to opt-out
  • Right to access data
  • Right of disclosure
  • Right to deletion
  • Right to restrict sale of personal information

This last right is known as the “Do Not Sell My Personal Information” component of CCPA. If a consumer makes this request, your company cannot sell that consumer’s information for at least 12 months, after which the company can sell the consumer’s information provided that they obtain affirmative consent from the consumer to do so.

It is important to know that CCPA takes a broad view of the word “sell”, which the regulation defines as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”

Based on our understanding of the regulation, if you’re running tracking scripts on your website, that’s considered to be selling personal information for purposes of CCPA.

CCPA requires that you respond to any DSAR within 45 days after receipt, which can be extended once for another 45 days provided you notify the consumer about the delay.


Frequently asked questions about CCPA

CCPA is here; it was passed as a law in 2018 and became effective on January 1, 2020 (Happy New Year, California!).

Yes, CCPA is a law that was enacted by the state of California (officially, it’s called Assembly Bill 375) and it was passed by the legislature in 2018.

CCPA is finalized and in effect; however, the state of California is continuing to provide guidance regarding the regulation, and is not bringing enforcement action for CCPA violations until July 1, 2020.

Yes! Much of the CCPA was modeled after GDPR, though there are some significant differences between the regulations.

The courts have not yet addressed that matter; however, legal experts have stated that courts will likely have to determine whether CCPA’s cross-border implications violate the dormant commerce clause, and whether the vague definition of “personal information” is unconstitutionally void. Stay tuned!

CCPA provides five primary rights for CA residents:

  1. the right to access specific personal information that has been collected within the last 12 months about the consumer;
  2. the right to be notified about the types of information and the purposes for which the information will be used;
  3. the right to request a copy of the personal information that is collected in a portable and easily readable format;
  4. the right to be forgotten; and
  5. the right to restrict processing (“opt-out”) of personal information subject to some limitations.
