The California Consumer Privacy Act of 2018 or CCPA, has been enacted in California. Even if your business is not in California, your business data and data collection policies may be greatly affected. The law is similar to GDPR in Europe, but it also has some very specific differences that companies need to be aware of.
First, what companies are required to follow the CCPA:
- Companies who have total annual revenue in excess of twenty-five million dollars ($25,000,000).
- Companies that in aggregate annually buy, sell, trade, or receives/shares personal consumer information from 50,000 or more Califonia consumers.
- Companies that derive 50% or more of their total annual revenue from selling California consumers' personal information
If your company falls under this scope1 then you need to read on and be ready to make changes to your data collection and retention. There are legal and technical structures you need to put in place to be able to comply with the CCPA.