As of July 2020, it will be extremely important to abide to the CCPA regulations in order to avoid hefty fines which could mount up to 7,500 dollars per user. But does this include you?
If you run a for-profit company, you’re obligated to comply with the Act if your business:
- Receives, processes, or transfers data from over 50,000 Californians per annum
- Your gross yearly takings exceed $25 million,
- At least 50% of your annual revenue comes from selling data belonging to Californians
While it may be confusing for many to make 100% sure that a website is completely CCPA compliant, we at Usercentrics have complied a short and easy checklist so you as a website provider can be on top of the latest CCPA regulations.
Take A Look
Does it include all relevant information? CCPA requires website providers to be transparent with the type of data you collect from your users such as:
- What kind of information you collect and process
- Why do you collect and process information
- How do you collect and process information
- The methods to request access, change, move, or deletion of their personal data
- The method for verifying the identity of the person who submits a request
- Sales of users’ personal data and how they can opt-out of the selling of their data
Right to Disclosure
If you collect information about a consumer protected by the CCPA, then you must inform the consumer of your intentions at or before the point of data collection. This can be done through the use of a banner or pop-up for when the user visits your site.
Gather and store Consent
CCPA requires obtaining prior consent from minors before selling their personal information. Obtain consent directly from visitors that are 13-16 years old, and when younger, it is necessary to obtain consent from parents or legal guardians.
This link must be made easily available on your website homepage, through the use of a CMP for example- making it illegal to sell data once a user has clicked on this link.
Make sure that users can contact you
CCPA grants your California users a right to access the personal data you’ve collected from them; they can request changes to the information, move it somewhere else, or delete it. You have a duty to provide a means for submitting such requests.
Set up a system for verification of the identity of the person making any requests
If a business cannot reasonably verify the identity to the appropriate degree of certainty, it must inform the consumer and explain why the request could not reasonably be verified.
Contact one of our customer service representatives today to learn more.