CCPA - Association of Corporate Counsel (ACC)



CCPA Similarities and Differences to European GDPR at a GlanceDisclaimer: Contoural provides information regarding business, compliance and litigation trends and issues for educational and planning purposes. However,?legal information is not the same as legal advice -- the application of law to an individual or organization's specific circumstances. Contoural and its consultants do not provide legal advice.?Readers should consult with competent legal counsel for professional assurance that our information, and any interpretation of it, is appropriate to each reader’s situationWhile there a number of similarities between California’s CCPA and the European Union’s General Data Protection Requirements (GDPR), there are also a number of differences. These are detailed in the table below.California CCPAEuropean Union GDPRScopeRights, Disclosure, TransparencyOmnibus – covers much morePersonal InformationBroader – includes households and devicesIncludes personal data as well as special categoriesRightsRights to access and deletion broaderSimilar right to erasureSecurityNot includedProcedures for protecting informationDisclosuresSpecific requirements for disclosureLess prescriptiveData SharingMore restrictive – but no rules for transfers outside the USRestrictions on transfers between countriesPrivacy by Design/DefaultNot includedRequiredData Protection Impact AssessmentsNot includedRequired if criteria metBreach NotificationsNot included 72-hour requirementData Protection OfficeNot requiredRequired if criteria metEnforcementCountry Privacy RegulatorsCA Attorney General and Right of Private ActionTable 1. CCPA compared against European Union's GDPRCompanies that have implemented GDPR compliance can leverage parts of these programs to meet CCPA requirements. However, additional program development for CCPA will still be required.Additional Information on This TopicThe actual CCPA legislation is relatively short and can be read here. White Papers Creating a California Consumer Privacy Act Action Plan – Part 1 and 2Part One provides an overview of CCPA requirements, defines personal information under the new law, compares CCPA requirements to those of the European Union’s General Data Protection Regulation (GDPR), discusses the impact of future updates to the Act, and potential program roadblocks. Part Two lists the key activities companies must undertake to become compliant, including specific policies, processes, technology and training. Together they provide an efficient, concise and prescriptive plan for ensuring CCPA compliance.Email Contoural at info@ for a copy of these white papers Webinars Creating a California Consumer Privacy Act Action Plan: The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, providing a relatively short window for companies to prepare. While final details of the CCPA need to be sorted out by the CA Legislature, enough is known to start preparing now. In this webinar we present an action plan: what specific steps you need to take to get ready. To view the webinar, click here. California Consumer Privacy Act Series Part 1: A CCPA Overview: The California Consumer Privacy Act (CCPA) will go into effect on January 1, 2020, providing a relatively short window for companies to prepare. As many other states are looking at this legislation as a model for their own law, this law’s impact could be felt well beyond California.To view the webinar, click here.Note: Rest of the complimentary series available at Top 5 Reasons an Outdated Records Retention Schedule Can Undermine Your GDPR Compliance: A significant component of the European General Data Protection Regulation (GDPR) will require companies to retain personal data on European residents no longer than is necessary to satisfy the purposes for which it was processed. If your organization does collect and process any personal data, have you justified its retention through your records retention schedule or privacy policies? Companies need an up-to-date records retention policy and schedule to support both deletion and retention of critical information. To view the webinar, click here. You’ve Got Your GDPR Policy, What Now? In many ways, having your Data Protection Policy in place is not necessarily the last mile, but the first. In order to be fully GDPR-compliant, you need to understand where all of your information is, where your privacy data lives and how it’s being secured. In this webinar, Contoural will address the roadmap you need to follow to achieve full compliance.To view the webinar, click here. Email Contoural at info@ or visit for more content including the full 4-part webinar series on the California Consumer Privacy Act.About ContouralContoural is the largest independent provider of privacy and Information Governance consulting services. Selling no products nor providing any “reactive” eDiscovery services the company serves as a trusted advisor to more than 30% of the Fortune 500 as well as numerous small and medium-sized enterprises. Contoural is sponsor of ACC’s Information Governance Network as well as sponsor of ACC’s Legal Operations Network Records Management Toolkit. Additional information is available at . ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download