Siemly Global offers worldwide cutting edge services to help your company achieve compliance under California’s CCPA and the European Union’s GDPR privacy regulations.
The CCPA grants consumers significant rights when it comes to understanding, requesting, collecting, and protecting their personal information. These rights include: The right of Californians to know what personal information is being collected about them. The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:
- Has annual gross revenues in excess of $25 Million; or
- Possesses the personal information of 50,000 or more consumers, households or devices; or
- Earns more than half of its annual revenue from selling consumers’ personal information.
Organizations are required to “implement and maintain reasonable security procedures and practices” in protecting consumer data.
The GDPR creates a right for data subjects to access their data, free of charge, and to request its correction or deletion. And it imposes potentially massive penalties for noncompliance.
Both contain significant penalties for noncompliance, with GDPR fines reaching up to €20 million or 4 percent of an organization’s worldwide annual revenue from the preceding fiscal year, whichever is greater. CCPA violations, in turn, can cost up to $7,500 per violation. The CCPA also contains a private right of action that is a class action attorney’s dream.
The CCPA grants consumers significant rights when it comes to understanding, requesting, collecting, and protecting their personal information. These rights, enumerated in Section 2 of the Act, include:
- The right of Californians to know what personal information is being collected about them.
- The right of Californians to know whether their personal information is sold or disclosed and to whom.
- The right of Californians to say no to the sale of personal information.
- The right of Californians to access their personal information.
- The right of Californians to equal service and price, even if they exercise their privacy rights.
It’s that fourth provision that we’re concerned with today, as it grants consumers the right to request information from businesses. That information must be made available, free of charge, within 45 days (with extensions possible), and in a form that is “in a readily useable format that allows the consumer to transmit this information to another entity without hindrance.”
It’s worth noting, too, that the CCPA defines “personal information” broadly, as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
These include the usual suspects like names, Social Security numbers, and email addresses, but also data that might not be so obvious, such as biometric information, browsing history, and geolocation data.
If that information is not linked to a specific individual, that does not mean the CCPA is not implicated; the law is broad enough to encompass data collected at the household and device level as well.
Examples of personal information protected by the CPPA:
- Real name
- Alias
- Postal address
- Unique personal identifier
- Online identifier Internet Protocol address
- Email address
- Account name
- Social Security number
- Driver’s license number
- Passport number
- Personal property, products or services purchased
- Purchasing history
- Consuming histories or tendencies
- Biometric information
- Internet or other electronic network activity information
- Browsing history
- Search history
- Geolocation data
- Professional or employment-related information
GDPR: What You Need to Know
If the CCPA is new, legal professionals might be more familiar with the GDPR. GDPR, which stands for General Data Protection Regulation, regulates the collection, storage, and usage of personal data of EU citizens.
Under the GDPR, organizations handling personal data are broken into two groups: data controllers, who control personal data and make decisions regarding how it is used, and data processors, companies that process the data as directed by another company.
Though the GDPR is a regulation of the European Union. Under the GDPR, businesses that process the personal data of EU citizens must comply with the law, regardless of the company’s location or the location of the data processing. If you are an EU-based business storing and processing data outside of the EU, for example, or a Canadian-based organization doing business with EU residents, the GDPR may apply.
Under the GDPR, data subjects— those whose personal information is collected, held, or processed—have a right to access the personal data collected about them, free of charge.
The mechanism for obtaining that information is through “data subject access requests,” or DSARs.
This is where Siemly Global fits in. The Siemly platform as a service takes your complicated internal processes and automates them so they are simple and streamlined (Simplify Data Privacy Through Automated Workflows), so your company is compliant and meets regulatory consumer request requirements in days not months. Siemly brings value to their clients by:
- Saving Time and Money
- Providing Peace of Mind
- Customization Tailored To Your Company
- The Ability To Get Up and Running Quickly
Ensure your company’s compliance with privacy regulations and demonstrate to auditors, regulators, and your customers, a strong commitment to data privacy, compliance and security with Siemly Global.
For more information get your company ready and to stay compliant go to https://www.siemly.com and request a demo.