top of page

CCPA: The Scope and Effects

Updated: Mar 10

The California Consumer Protection Act (CCPA) will go into effect on January 1st, 2020. Are you ready?

Chances are you either have a minimal understanding of what the laws entail or you’re assuming that it won’t affect your business. After all, you’re not Google or Facebook, so it doesn’t matter. Right? Nope.

But, no worries, you’re not alone in your assumptions.

From the scope of the new laws to how they’ll affect your business on a daily basis, keep on reading for an overview of what the CCPA entails and its requirements.

CCPA: What Are We Dealing with Exactly?

In short, the California Consumer Protection Act (CCPA) is a landmark privacy law that’s set to go into effect by January 1st, 2020.

Essentially, after that date, Americans will be able to demand that companies (any company at all) to disclose what personal data they’ve collected on them. In addition, they can request the deletion of this data.

Under the shadow of massive data catastrophes like the Equifax breach and Facebook’s Cambridge Analytica scandal, you’ll find the law impacting data giants like Google and Facebook on a much larger scale than smaller companies.

However, that doesn’t mean that you can ignore the law.

If you collect subscription data or have solid subscription revenue going, then you have consumer data. If you have consumer data, then the laws apply to you.

What Does the CCPA Do?

The CCPA will allow consumers to force companies to tell them —in detail— what personal information has been collected on them.

Not only would the consumers get to see their information, but they also can request the deletion of that information. Moreover, they’ll have the authority to prohibit sharing it with third parties.

Moreover, companies will need to be proactive and tell their consumers about their data collection protocols upfront instead of ‘by request.’

In practice, consumers will be able to ask any company to disclose what data they’re collecting via email, a phone call, or a website form.

Furthermore, companies will have to add a ‘don’t sell my personal information’ button to their sign up forms. In addition, they can’t refuse services or charge higher prices for consumers who decide to exercise these rights.

Now, Americans will start enjoying protections similar to what the GDPR offers Europeans.

CCPA Requirements

There are five main CCPA requirements. They apply to companies either serving or employing California residents. If this applies to you, you’ll need to keep a rather close eye on to avoid running foul of data protection legislation.

1. Data inventory and mapping of in-scope personal data and instances of “selling” data

2. New individual rights to data access and erasure

3. New individual right to opt-out of data selling

4. Updating service-level agreements with third-party data processors

5. Remediation of information security gaps and system vulnerabilities

The requirement violations contain penalties that can expose businesses in California —or mainly serving California residents— to substantial risk.

In addition, these requirements will apply to organizations with pre-existing privacy capabilities. This is courtesy of GDPR compliance and those who’re dipping their toes in for the first time.

Need Help Getting Your Subscription Model Ready for CCPA?

With CCPA almost on our doorsteps, we hope this overview helped shed light on what the CCPA aims to do as well as how it’ll impact your business.

We also understand that it can be overwhelming to manage an overhaul of how you collect and store your consumer data. With our subscription models tailored to your business needs, we can help you migrate to a new privacy-conscious platform.

Make sure to schedule a demo with our team and we can help you kickstart the process.


bottom of page