3 CCPA Requirements that will Impact Your Business Most

by Alison Divis |  10 |  CCPA , GDPR , Data Security

3 CCPA Requirements that will Impact Your Business Most image..


The California Consumer Privacy Act (CCPA) has introduced many pressing matters for businesses as they strive to become compliant. An absence of data privacy laws in the past, meant that most businesses didn’t have a data privacy structure in place that was remotely close to the level the CCPA now requires. 

Businesses will need to begin preparing for the CCPA immediately in order to meet compliance deadlines. This compliance journey will require numerous changes for most companies in order to meet the high requirements.

Companies that forego an intelligent strategy to become CCPA compliant will likely face a panicked scramble as their deadline approaches—similar to what occurred with GDPR compliance. In order to avoid that, let’s dive deeper into the three CCPA requirements that will make the biggest differences in your company.

Consumer Rights to Access Data

When the CCPA goes into effect on July 1, 2020, companies will be required to grant consumers access to their own personal data that is being stored by the company. Gone are the days when consumers were oblivious to what businesses were using their data for, or even what information businesses had collected about them. 

This portion of the CCPA is critical as businesses will be required to provide a 12-month look-back for their consumers. This means companies will need to start their CCPA compliance journey at least a year before the CCPA even goes into effect! Companies that wait too long to start the process may not be able to become compliant by the deadline and will face the possibility of hefty fines. 

In order to avoid these fines, companies will need to have a strategy in place that makes this information easily available to customers. One such strategy is investing in data governance. Companies that have strong data governance will find it easier to organize data and locate that data for their consumers. Companies shouldn’t just do the bare minimum of gathering consumer data. Rather, they should keep in mind the quality of the data they are collecting and trying to manage that data effectively. Well-managed data will allow companies to more effectively reach the CCPA requirement of providing customers with a 12-month look-back.

Because of the 12-month look-back CCPA requirement, businesses will also have to be upfront about how they use consumer data. Consequently, businesses will want to ensure they are using consumer information in such a way that will not upset their current consumers, as that could harm their corporate reputation and ultimately their bottom line. Companies that aren’t already doing this will need to start making necessary changes to how they use customer data in the very near future.

Consumer Rights to Opt out of the Sale of Personal Data

The CCPA will require companies to clearly provide consumers with the choice to opt out of the sale of their personal data. Businesses will not be able to sell customer data if their consumers oppose such transactions. 

As a result, companies may have more difficulty collecting information about their consumers and about potential customers that they are marketing to. Businesses may need to acquire data through direct interaction with consumers they are targeting, rather than purchasing the information. They will not be able to rely on outside sources of data in the way they do presently.

Although this will present a new challenge, it may also benefit businesses. For one, businesses can benefit from higher quality data because the data they have will not come from questionable sources; they will know exactly how data was obtained and be able to determine the quality level of the data they collect. 

This better data will allow companies to engage in more intelligent marketing strategies. Because companies will have first-party data, they will know exactly what attracts their target customers. They will have more accurate information from which to make business decisions. 

One suggestion is for companies to rethink their online platforms. In order to collect that data in the first place, company platforms will need to appear secure and professional so customers will be willing to enter their information on their webpages.

Consumer Rights to Sue Companies that Lose Their Information

A consequential effect of the CCPA is that consumers will have the right to sue companies that lose their personal information to hackers. Therefore, companies will want to step up their data privacy and work harder to protect consumer data, considering the new consequences if they don’t. 

Not only can consumers take their business elsewhere if their data is stolen, but companies will now also lose money if they are sued. It will pay for companies to improve their data security, both directly and indirectly as losing data damages company reputation that can take years to build back up. 

Because consumers will gain the right to sue for lost data, companies will need to work not only to comply with the CCPA but to adjust to the aftermath of the act. Even though companies will have to pay to improve their data security measures, it will pay off in the long run because they will be able to protect their company reputation and keep consumers happy.

So What?

Companies must realize that the impact of the CCPA is no trivial matter. They have to begin preparing now to become compliant. They will face fines, lawsuits, damaged reputation, and loss of customers if they cut corners. It will pay to be compliant, and consumers will value them for it.

Contact Us