We carry out comprehensive compliance audits and assist our clients in formulating policies and procedures that are aligned not only with their business needs but are also accepted across the industry as secure and reliable, thus minimising the risk of, and arising from, data breaches. Further, we advise on compliance with data protection and privacy laws in all major regions and regimes, and we ensure that all our clients' dealings are kept up to date with the ever-changing legal regimes.
CALIFORNIA PRIVACY LAWS - COMPLIANCE
The CCPA and CPRA are two California privacy laws that give consumers more control over their personal information. The CCPA went into effect in 2020, and the CPRA, which expands the CCPA's protections, has been in effect since June 2023.
WHAT RIGHTS DO THESE LAWS PROVIDE?
- THE RIGHT TO KNOW WHAT PERSONAL DATA A COMPANY IS COLLECTING ABOUT A SUBJECT, HOW IT IS USED, AND WITH WHOM IT IS SHARED;
- THE RIGHT TO REQUEST DELETION (SUBJECT TO RESTRICTIONS) OF PERSONAL DATA OBTAINED ABOUT A SUBJECT;
- THE CHOICE NOT TO HAVE THEIR PERSONAL INFORMATION SOLD OR SHARED;
- THE PROHIBITION AGAINST DISCRIMINATION WHEN SUBJECTS EXERCISE THEIR CCPA RIGHTS;
- THE RIGHT TO INITIATE A PRIVATE CAUSE OF ACTION FOR A DATA BREACH;
- THE RIGHT TO CORRECT INACCURATE PERSONAL INFORMATION THAT A BUSINESS HAS ABOUT SUBJECTS;
- THE RIGHT TO LIMIT THE USE AND DISCLOSURE OF SENSITIVE PERSONAL INFORMATION COLLECTED ABOUT SUBJECTS.
PERSONAL INFORMATION
WHO HAS TO COMPLY?
- ALL FOR-PROFIT BUSINESSES BASED IN CALIFORNIA;
- BUSINESSES WITH A GROSS ANNUAL REVENUE OF OVER $25 MILLION;
- BUSINESSES THAT BUY, SELL, OR SHARE THE PERSONAL INFORMATION OF 100,000 OR MORE CALIFORNIA RESIDENTS, HOUSEHOLDS, OR DEVICES; OR
- BUSINESSES THAT DERIVE 50% OR MORE OF THEIR ANNUAL REVENUE FROM SELLING CALIFORNIA RESIDENTS' PERSONAL INFORMATION.
BENEFITS OF COMPLIANCE
- BUILDING TRUST WITH CONSUMERS: CONSUMERS ARE INCREASINGLY CONCERNED ABOUT THEIR PRIVACY, AND BUSINESSES THAT COMPLY WITH CCPA AND CPRA WILL BE SEEN AS BEING MORE TRUSTWORTHY. THIS CAN LEAD TO INCREASED CUSTOMER LOYALTY AND SALES.
- COMPLYING WITH OTHER PRIVACY LAWS: CCPA AND CPRA ARE SIMILAR TO OTHER PRIVACY LAWS, SUCH AS THE GENERAL DATA PROTECTION REGULATION (GDPR). BY COMPLYING WITH THESE LAWS, BUSINESSES CAN HELP TO ENSURE THAT THEY ARE ALSO COMPLIANT WITH OTHER PRIVACY LAWS.
- GAINING A COMPETITIVE ADVANTAGE: BUSINESSES THAT ARE SEEN AS BEING PRIVACY-FRIENDLY MAY HAVE A COMPETITIVE ADVANTAGE OVER BUSINESSES THAT ARE NOT. THIS IS BECAUSE CONSUMERS ARE INCREASINGLY LIKELY TO DO BUSINESS WITH COMPANIES THAT THEY TRUST TO PROTECT THEIR PRIVACY.
CONSEQUENCES FOR NON-COMPLIANCE
- CIVIL PENALTIES: IN ACTIONS BY THE CALIFORNIA ATTORNEY GENERAL, BUSINESSES CAN FACE PENALTIES OF UP TO $7,500 PER INTENTIONAL VIOLATION OR $2,500 PER UNINTENTIONAL VIOLATION (BUT THERE IS AN OPPORTUNITY TO CURE ANY ALLEGED VIOLATION WITHIN 30 DAYS AFTER RECEIVING NOTICE OF THE ALLEGED VIOLATION).
- DAMAGES: IN ACTIONS BROUGHT BY CONSUMERS FOR SECURITY BREACH VIOLATIONS, CONSUMERS MAY RECOVER STATUTORY DAMAGES NOT LESS THAN $100 AND NOT GREATER THAN $750 PER CONSUMER PER INCIDENT OR ACTUAL DAMAGES, WHICHEVER IS GREATER. IN ACTIONS FOR STATUTORY DAMAGES, CONSUMERS MUST FIRST PROVIDE BUSINESSES WITH WRITTEN NOTICE AND AN OPPORTUNITY TO CURE.
- NON-MONETARY RELIEF: IN ACTIONS BROUGHT BY CONSUMERS FOR SECURITY BREACH VIOLATIONS, CONSUMERS MAY SEEK INJUNCTIVE OR DECLARATORY RELIEF, AS WELL AS ANY OTHER RELIEF THE COURT DEEMS PROPER.
- BUSINESSES MAY ALSO BE SUBJECT TO AN INJUNCTION IN ACTIONS BROUGHT BY THE ATTORNEY GENERAL.
COMPLIANCE ROADMAP
STEP 1: UNDERSTAND THE APPLICABILITY AND UPDATE YOUR PRIVACY POLICIES
STEP 2: PROVIDE NOTICE AT DATA COLLECTION POINTS
STEP 3: OBTAIN CONSENT FOR DATA PROCESSING AND ESTABLISH PROCESSES TO CATER FOR DATA SUBJECTS' REQUESTS
STEP 4: UPDATE VENDOR CONTRACTS, IMPLEMENT SECURITY MEASURES AND CONDUCT PERIODIC REVIEWS
THE GENERAL DATA PROTECTION REGULATION, 2018 (GDPR)
WHO HAS TO COMPLY?
- A company or entity that processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
- A company established outside the EU that offers goods or services (paid or free) to, or monitors the behaviour of, individuals in the EU.
AREAS COVERED
- Processing of personal data
- Data subjects' rights
- Data controllers and processors
- Security of personal data
- International transfers of personal data
- Technical and organizational measures
CONSEQUENCES FOR NON-COMPLIANCE
- Your business may become ineligible to operate within Europe
- Your business may lose customers
- Administrative fines of up to 20 million euros can be imposed
- You could be subject to administrative audits conducted by data protection authorities
- Your business could be subject to negative publicity
FINES FROM GDPR VIOLATIONS
- META - 1.2 billion euros
- AMAZON - 746 million euros
- META - 406 million euros
- META - 390 million euros
- META - 265 million euros
- WHATSAPP - 225 million euros
- GOOGLE LLC - 90 million euros
- GOOGLE IRELAND - 60 million euros
- FACEBOOK IRELAND - 60 million euros
- GOOGLE FRANCE - 50 million euros
BENEFITS OF COMPLIANCE
- More effective marketing
- Better customer relationships due to increased trust
- More accurate, secure and organized data
- Updated technology