GDPR Compliant? Now It's Time For CCPA

engineer looking at servers feeding into the cloud

Posted on Thursday, June 6, 2019

When the European Union introduced the General Data Protection Regulation it sent shockwaves across the world. Suddenly any business storing and processing personal data belonging to EU citizens was expected to guarantee a broad range of safeguards and access rights. Breaching the regulation brings a potentially enormous fine – up to 4% of global turnover.

Some US-centric businesses will have been able to avoid the upheaval because they don't deal with EU citizens. But the new California Consumer Privacy Act is about to hit closer to home.

Enhanced rights for Californian citizens

CCPA is quite similar to GDPR – in concept. It is important to note that the new Act applies only to Californian residents however.

Under CCPA, businesses must:

  • Provide individuals with the right to opt out of personal data collection routines.
  • Provide access to any personal data collected over the past 12 months.
  • Provide an opt-out of personal data sales.
  • Delete personal data belonging to Californian citizens on request.

CCPA does not apply to all businesses either. To be affected, your organization must:

  • Have a gross annual revenue in excess of $25 million or,
  • Hold personal data belonging to 50,000 consumers, households or devices or,
  • Earn more than 50% of revenue by selling personal data.

CCPA does not apply to non-profits.

Preparing your systems

Although CCPA currently only applies to businesses serving Californians, other states are considering similar legislation. Implementing CCPA-compliant data management systems for all US citizens may save a considerable amount of money in the long term. 

This is of key concern for any organization holding large volumes of archive data. They will need to ensure that older systems – such as tape libraries and secondary disk arrays – are fully functional so that records can be deleted when a request is received.

CTOs need to act now – the fines for CCPA breaches are unlimited. With just six months until the Act comes into force, time is running out to get these legacy systems running correctly. If you need help or advice, speak to post-warranty storage specialists CDS and we’ll ensure you have full support – and parts – to prepare for compliance. Get in touch today.

Download article as a PDF - GDPR Compliant? Now It's Time For CCPA

More Articles

ai storage block

Is Storage Design Undermining Your AI Efforts?

Huge storage capacity is vital – but it isn’t enough for artificial intelligence applications.

man standing at a fork in a path

Third-Party vs. In-House: Choosing an IT Maintenance Strategy

As your hardware goes end-of-life, should you take maintenance responsibilities in-house, or find a new support partner?