November 30, 2020 - Repost: compliancejunction.com
At the beginning this month the electorate of California voted to pass the California Privacy Rights Act (CPRA), legislation created to further enhance the reach of the California Consumer Privacy Act that become enforceable earlier in 2020.
The passing of the CPRA into law allocates a number of new rights to Californian citizens including:
When the proposed amendments were released earlier in the year California Attorney General Xavier Becerra said : “With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy.”
Conveniently, for Californian-based companies that do business in the European Union, there are a number of key similarities between the CPRA and the European Union’s General Data Protection Regulation, which became enforceable back in 2018. Essentially by ensuring that they are adhering to GDPR will mean that they are also compliant with the CPRA. This means that compliance is much easier to achieve on two fronts and also emphasizes the importance of referring to expert guidance and advice in relation to the implementation of a strict compliance regime.
So what is the common ground between the CPRA and GDPR? When the GDPR was initially passed into law it was envisaged that it would allow EU citizens the right to enforce the limitation of the use of their personal data and ensure a standard level of security being available throughout the EU. It has been relatively successful and, despite coming in for some criticism for not being strict enough a number of large fines have been sanction against large companies (including Google, Twitter and British Airways) as well as many other GDPR fines for much smaller companies.
The CPRA amendments to the CCPA that were passed will bring California’s data privacy regime more in line with that of GDPR on a number of fronts including:
Please visit compliancejunction.com for the most up-to-date marketing and compliance news.
NOTE: This article is provided for informational purposes only and does not constitute legal or professional advice. Denver Marketing Solutions recommends that businesses engage the services of an experience data privacy/data protection practitioner as well as legal counsel, when preparing for compliance with data protection and privacy laws.