How Will CCPA Affect Businesses Outside of California?

While the California Consumer Privacy Act (CCPA) intends to protect just California residents, this consumer protection law will apply to businesses all over the world. Starting on July 1, 2020, any company that has customers or visitors from California are required to comply to avoid being liable to penalties. While California is the first state in the US to place such protections in place, rumors abound that they are paving the way for other US states to follow suit.

To help businesses prepare, here is how the upcoming CCPA regulations will affect companies outside of California.

Empty Boardroom Waiting for Compliance Laws

Does My Organization Need to Adhere to CCPA?

If your business collects information from or about a California resident, does any work in California, or generally has anything to do with the personal data of California inhabitants, then CCPA regulations will apply to you. This new regulation will apply to organizations whose revenue meets or exceeds $25 million USD per year; holds more than 50,000 California residents’ personal information or makes half or more of its income from selling California residents’ personal data. It doesn’t matter if you are based in California, another US state, in an entirely different country, or even if you are an online-only business with no brick-and-mortar presence at all. All you need is 1 of your customers to be from California for your organization to qualify for compliance.

What if We Receive a California Residents’ Information While for Purposes Having Nothing to do with California?

As long as you have one consumer who is from California, CCPA compliance is required.

For example, your business is a Paris-based airline offering flights within France. Your organization is based in France, do business only in France, and conducted by French citizens, but if you have one passenger from California—who purchases their tickets while still home—CCPA rules still apply.

Or, you are a content creator living in Toronto who has amassed a large following on social media and the traffic to your website exceeds 50,000. Even though you are living in Canada, engaging in sponsored content with only Canadian companies and file your taxes in Canada — if you have visitors to your website from California and their information is monitored through an analytic program, CCPA rules still apply.

How Do Businesses Become CCPA Compliant?

Let us help you achieve worry-free compliance in a zip. We will help your business meet the requirements based on the consumer protection law that includes providing consumers with a toll-free number for requesting copies of and deleting their personal information by telephone.

How can we help?

Based on the information above, governance is quite involved and challenging. Our ZipComply Concierge service helps your business at the consumer end of your web presence. Our Data Governance consulting group can help you with your enterprise level governance and compliance.

  • Risk Assessment
  • Gap Analysis
  • Data Mapping and Inventory
  • Policy Management
  • Procedure Management
  • Training
  • Recurring Compliance Audits
  • IT Security
  • System Integration
  • Automation
Contact Us
Consumer on a Computer