Pandectes GDPR Compliance helps Shopify Stores comply with the California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with CCPA & CPRA.
What is CCPA & CPRA?
The California Consumer Privacy Act (CCPA) is a privacy law that regulates how businesses operating in California, USA must handle the personal information of California residents. It went into effect on January 1st, 2020, and gives California residents certain rights with respect to their personal information, such as the right to know what personal information is being collected about them, the right to request that their personal information be deleted, and the right to opt out of the sale of their personal information.
The California Privacy Rights Act (CPRA) is a ballot initiative passed by California voters in November 2020. It amends the CCPA, expanding the rights of California residents and the obligations of businesses in regard to the collection, use, and sharing of personal information. The CPRA creates new rights for California residents, such as the right to correct inaccurate personal information, and the right to limit the use of sensitive personal information. Additionally, the CPRA expands the definition of personal information, increases the fines for non-compliance, and creates a new enforcement agency, the California Privacy Protection Agency. The CPRA will become effective on January 1, 2023.
Who does the CCPA/CPRA apply to?
CCPA requirements apply to any organization that processes and stores the data of California residents. This includes organizations that are based outside California, as long as they process and store the data of California residents.
What happens if I don’t comply with the CCPA & CPRA?
Failing to comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) can result in significant fines and penalties. Both laws give the California attorney general the power to impose administrative fines for non-compliance. The fines for CCPA can be up to $2,500 per violation or $7,500 per intentional violation. The fines for CPRA are higher and can be up to $7,500 for each violation and $2,500 for each unintentional violation.
Fines can be imposed for a variety of reasons, including failure to provide notice of data collection, failure to provide a way for consumers to opt out of the sale of their personal information, failure to delete personal information upon request, failure to provide a way for consumers to access personal information, and failure to disclose data breaches.
In addition to fines, supervisory authorities can also impose other penalties, such as ordering companies to stop processing personal data, requiring companies to rectify non-compliance, and issuing reprimands.
In some cases, non-compliance with CCPA and CPRA can also result in legal action being taken against a company by individuals whose personal data has been affected.
It’s important to note that CCPA and CPRA compliance is not only about avoiding fines and penalties, but also about protecting people’s personal data and respecting their rights.
When will the CCPA & CPRA go into effect?
The California Consumer Privacy Act (CCPA) went into effect on January 1st, 2020. The California Privacy Rights Act (CPRA) was passed by California voters in November 2020 as a ballot initiative. However, it will not go into effect until 2023.
Complying with the CCPA & CPRA
The CCPA & CPRA together form one of the comprehensive data privacy laws, and other states, such as Indiana, Iowa, Tennessee, and Montana, are also introducing their own privacy bills. For businesses that operate across multiple states, it becomes increasingly difficult to navigate and adhere to the intricate network of state data privacy laws.
Maintaining compliance begins with staying informed about the evolving legislation that may impact your company. Keeping track of these laws as they progress through state legislatures is essential. Subscribing to relevant newsletters and resources can be helpful.
When a new law is enacted but not yet in effect, it is advisable to review its text in collaboration with legal counsel. They can assess your compliance status and provide guidance on necessary actions.
To streamline the data compliance process, consider utilizing a Consent Management Platform (CMP) like Pandectes GDPR Compliance. A CMP relieves the burden on your team by offering customizable consent management, automation of data subject access requests, and tools for cookie & vendor management. Pandectes GDPR Compliance is specifically designed for Shopify Stores and is ready to assist you in achieving and maintaining compliance within the ever-changing landscape of data privacy.