Your readiness roadmap for the California Consumer Privacy Act (CCPA)

The CCPA’s broad privacy requirements are entirely new to the United States -- and with a compliance deadline of January 2020, the clock has already started.

5 key requirements for the California Consumer Privacy Act

Requirement violations include penalty thresholds that may expose large California-based businesses to substantial risk. Both organizations with existing privacy capabilities, such as those developed for General Data Protection Regulation (GDPR) compliance, and those without any previous preparation may need the entire grace period before the deadline to deploy necessary capabilities. Our road map illustrates how companies can achieve CCPA readiness by 2020.

Companies serving or employing California residents may find these five CCPA requirements have the biggest impact on their business plans:

1. Data inventory and mapping of in-scope personal data and instances of “selling” data

2. New individual rights to data access and erasure

3. New individual right to opt-out of data selling

4. Updating service-level agreements with third-party data processors

5. Remediation of information security gaps and system vulnerabilities

Comparison of key GDPR and CCPA requirements

The CCPA is the beginning of “America’s GDPR.” Similar to the GDPR, the CCPA will require organizations to focus on user data and provide transparency in how they’re collecting, sharing, and using such data. But to what extent can a company extend its GDPR capabilities into its California operations to prepare for CCPA? Certain CCPA requirements overlap with the existing GDPR individual rights requirements, which may give GDPR-ready organizations a jump start on building a capability around user-data handling practices. Still, several policies, processes, and systems will still need updating to address differences between the two laws.


How PwC can help

CCPA is the first state privacy law of its kind, and it may be just the beginning, as the future of domestic privacy legislation in the United States is just starting to unfold with this new law. With a deep bench of privacy professionals seasoned by this year's GDPR deadline, PwC can help your organization approach CCPA compliance, including operational and structural impacts. We'll also help you understand future US privacy legislation and regulations if and when they are instituted.

Contact us

Jay Cline
Privacy Leader, Principal, PwC US
Tel: +1 (612) 596 6403

Follow us