Privacy Regulation:A tactical approach for achieving compliance with the CCPA

Authors

Gary Rowe – CEO,Principal Consulting Analyst

Doug Simmons – Principal Consulting Analyst

John Myracle – Principal Consulting Analyst

Abstract

Pervasive privacy regulations are gaining traction at a global level with escalating  financial penalties. Current and rapidly emerging laws primarily address those organizations that collect, process, and share an individual’s personal information.

This report looks to demystify the most significant privacy and data protection legislation and to net out the most essential and challenging requirements. We’ll start with an overview of the current and upcoming privacy regulations and then focus on the California Consumer Protection Act (CCPA) in light of the European Union’s General Data Protection Regulation (GDPR) to develop an understanding of the breath, scope and depth of what is involved to be in compliance with the California act.

This is the first of a series of reports designed to provide TechVision Research clients with practical information to assist in developing plans, processes, and procedures for becoming compliant with multiple conflicting yet overlapping privacy laws. While this report primarily focuses on CCPA since this is the current legislation that was recently defined and will be enforced in 2020, the core principles described in this report will apply to many global privacy and data protection legislation.

This report provides a tactical and strategic context for addressing key regulatory controls in the form an overarching privacy strategy, high-level recommendations and next steps to understand the risks and move towards CCPA compliance.