The legislation applies to any for-profit organization in California that collects and processes users’ personal information and conducts business within the state. However, you don’t have to be physically present in the region to be subject to the legislation. Just selling in the state is sufficient to bind you to this law.
Businesses that operate under this law must meet the following conditions.
- Generate at least $25 million in annual gross revenue
- Collect and share personal data of over 50,000 residents of the state every year
- Derives at least half of its annual revenue from selling personal data of the state’s residents
Businesses now have to take into account what constitutes private information, find the data, and secure it. This may go as far as policing vendors to ensure they comply with the new regulations and rights.
Notably, most current privacy laws in the United States are optimized to fulfill various industries’ or sectors’ requirements. Unlike the previous privacy laws, CCPA applies to almost every industry, with only a few exceptions.
Higher Costs for Small Businesses
The legislation hurriedly excluded a massive number of small companies based on very general requirements. Judging from the current definition of business, this law is likely to impact small businesses adversely.
Though 50,000 may seem like a colossal digit, dividing it by the 365 days of the year would leave you with less than 150 users daily. The statement is also ambiguous, considering it doesn’t just apply to customers alone, but households or devices as well.
Most businesses, particularly SMEs, cannot fund the expenses associated with the new law, and most are left to ignore the law or quit the market. Most small entities have to connect fellow small companies or established entities to recoup their bottom line. Unfortunately, only a handful of companies can be deemed to be CCPA compliant.
The Issue with Vague Laws
Most companies in the state were forced to spend on GDPR compliance. The absence of thought and application has made the variation between CCPA and GDPR impose more expenses on entities that have just suffered the expense of GDPR compliance.
What’s more frustrating is that when a GDPR-compliant company implements further adjustment, it would probably risk Californian consumers’ privacy. Making the two regulations harmonious with each other can help businesses significantly.
Despite the challenges, there’s still a positive Impact to laud. Streamlining the collection, storage, and processing of client information can go a long way in boosting the system’s efficiency. You’ll only collect the necessary bits of data and limit the time and resources spent on storing the entire data set.