States Raise Stakes in GDPR-Inspired Privacy Laws
…bandwidth,” which is not surprising given GDPR compliance is sucking up both. However, CCPA is “heralded as the most comprehensive privacy law in the U.S. ever,” according to the IAPP and so it cannot be treated as an aside to GDPR compliance efforts.
The IAPP finds that privacy professionals are determined to protect their company’s reputation and are giving CPPA serious attention. Some are counting on some wiggle room in complying with CCPA while other companies hope to jump ahead using some of the GDPR work they’ve already completed.
“Not surprisingly, organizations that feel most comfortable leveraging their GDPR compliance efforts for CCPA compliance also tend to project earlier CCPA compliance dates, some as early as this summer. Meanwhile, organizations that are most likely to lack time and bandwidth and to struggle with the CCPA’s complexity report compliance targets as late as July 1, 2020 [the enforcement date], and beyond,” finds the IAPP report.
Failure to comply can be pricey in the way of penalties. Fines for non-compliance of the CCPA range up to $7500 per violation, as specified in Section 1798.155(b).