
CCPA Compliance: 7 Lessons to Learn From Similar European Regulations

Feb 2, 2021

Martin Canwell

2020 saw the General Data Protection Regulation’s (GDPR) second birthday and the introduction of the California Consumer Privacy Act (CCPA), two far-reaching pieces of legislation that have changed how we all view data security and privacy. While not identical, there are definite similarities between the two, and there’s already a great deal of information readily available on how businesses can ensure compliance. However, compliance in theory can differ considerably from compliance in practice, as many European businesses have found over the last two years.

So, with the benefit of hindsight, what can businesses in the USA learn from the experiences of their European peers when it comes to data protection compliance?

1. Regulators aren’t afraid to use their powers

Up until January 2020, there had been 160,921 personal data breaches within the European Economic Area (EEA). This figure has only translated into 340 GDPR fines being issued by the European data protection authorities, amounting to just over €175 million, which is not a staggering amount. However, there’s no hard and fast rule as to which companies are being fined. Of course, there have been some high-profile fines, such as Google and British Airways, but don’t be fooled into thinking that smaller businesses aren’t liable: businesses of all shapes, sizes and scopes have also been recipients of GDPR fines so far.

2. It’s not just about the fine

Some organisations think that paying a fine is less costly than being compliant and see it as a risk worth taking. What they fail to take into account is the other repercussions of non-compliance, namely damage to reputation. Thanks to GDPR and CCPA, more customers are aware of their rights when it comes to data protection and security, and will take a dim view of those businesses who don’t deem it important enough to take seriously. Regardless of fines, reputational damage can be much harder to overcome.

3. An ongoing process

Compliance isn’t a one-off task, and it requires time and effort to get it right. It’s not just a case of checking the compliance box and then moving on to the next task. It’s up to the business to make sure it keeps up to date with not just current legislation but any new and emerging requirements that might have an impact on the organization. As such, tools and processes need to be robust enough to ensure compliance, but flexible and scalable enough to adapt in line with changing needs.

4. Not just an IT problem

Compliance with GDPR and CCPA isn’t just the responsibility of the IT department. It’s vital that key stakeholders and everyone who’s going to come into contact with customer data is educated and sufficiently trained to uphold the required standards, particularly when it comes to obtaining consent. Joined-up, collaborative working between teams, departments and business functions is a must.

5. Technology is your friend

So immense are the amounts of data that many businesses are dealing with that it’s almost impossible to achieve robust compliance without technology to help. The right systems can manage all customer data within the relevant compliance framework, with alerts and predefined workflows putting the relevant checks and balances in place to ensure breaches don’t occur.

6. Proof of compliance

You need to be able to prove your business is compliant. Again, technology can help with this, with the right systems facilitating comprehensive reporting and auditability, not only providing in-depth visibility into your compliance processes, but supplying the evidence needed to demonstrate robust compliance to the relevant authorities.

7. Use it as a business differentiator

While legislation ensures that consumer privacy and data security are protected, it also enables businesses to provide consumers with the level of service they expect. As consumer awareness and knowledge of data privacy increases, so will the expectation that firms should be doing all they can to help. What might start off as merely another compliance box to check soon becomes a driver of best practice and a key business differentiator in an increasingly competitive marketplace.

For more information on how Aptean can help with your compliance requirements, and ensure your business is fully compliant with CCPA, contact us now.