CCPA: The New GDPR Law in California

CCPA: The New GDPR Law in California

JULY 19, 2018 – Last month we told you about the European Union law that went into effect in May. Known as the General Data Protection Regulation (GDPR), it impacts not only businesses in the EU, but also those around the world that gather personal data from EU residents.

The intent of the law is to protect the private data of EU citizens. The law gives them more control over that data. GDPR also makes privacy the default position for businesses that collect this type of information. They must protect it or violators will be forced to pay up to 4% of their annual global revenue.

For online marketers, GDPR means that companies must have a lawful reason for collecting data and can no longer hide consent language.

GDPR California Style

With the passage of GDPR and recent data breaches at Wells Fargo and Cambridge Analytica, the State of California passed the California Consumer Privacy Act (CCPA). The goals of CCPA are similar to that of GDPR: Give citizens more control over their information. describes CCPA as one that will change, “the landscape of privacy laws and compliance for many years to come.”

CCPA Core Principles reports that CCPA has three fundamental rights at its core:

  1. The right to know what personal information is being collected;
  2. The right to know what personal information is being sold and/or shared with third parties and who those third parties are;
  3. The right to opt-out, or request that their personal information no longer be sold.

Under the law, companies must make disclosures about the data they collect and how it will be used.  They must also provide this information when asked for it. When a consumer wishes to opt out, businesses must comply.  They are prohibited from discriminating against that individual or selling his or her personal information, as well.

CCPA Penalties

Like GDPR, this new law will have penalties for companies that don’t comply. A business will pay $750 per consumer, per incident! So if a breach involves the private data of 1 million people, a company would be fined $750 million!

The Wrap

For online marketers, the new law represents additional hurdles to collecting emails and contact information.  Marketers use this data for their sales conversion processes. When it goes into effect on January 1, 2020, CCPA will be one of the toughest data privacy laws in the country. Just as GDPR has done, it will alter how businesses handle private information.

With the rash of breaches in the last few years that put the personal information of millions of people at risk, it’s understandable why governments are moving to create protections.

Do you have questions about online marketing? Call Social Flair at 513-237-5530 to get answers.

If you found this information useful you can subscribe to my updates by clicking here.

Bob Turner is an Online Marketing Consultant with Social Flair Marketing in Cincinnati, Ohio.

About the Author