This week TrustArc had a strong presence at the IAPP CCPA Comprehensive 2019 in Fremont, California. The day was filled with panels of experts discussing the scope of the California Consumer Privacy Act (CCPA), definitions of key terms, and overlap with the General Data Protection Regulation (GDPR). The panels also offered a “stump the panelists” session where attendees were able to ask about the real-life challenges companies are facing today.
In addition to the great discussions, there were also ample opportunities for networking and meeting with solution providers. TrustArc had many conversations with companies about our CCPA solutions.
Some key takeaways were:
- Companies that did not have to comply with GDPR are now gearing up to comply with CCPA.
- With regard to data subject access requests, companies should reach consensus internally about how requests will be verified, answered, and tracked. For example, will data subject requests be fulfilled electronically or in hard copy?
- Stakeholders should be aware of and reach consensus on whether the company will use a uniform policy and vendor agreements, or separate policies.
- Conversations on deciding how to address the “Do Not Sell My Personal Information” requirement should start now, if they haven’t already, because implementing the controls may take some time to operationalize.
- Companies can leverage CCPA efforts to comply with the GDPR.