What are the CCPA penalties? What happens if you don’t comply? In this post, we explain the main consequences of CCPA non-compliance and show you how you can avoid them.
As with many other laws on data privacy, the California Consumer Privacy Act has quite a severe approach to non-compliance.
The CCPA provides for fines of up to $7,500 per individual violation, and consumers also have the right to sue businesses for damages. Although the right to sue applies only to the business itself (the data controller) and not to “service providers” (processors) acting on its behalf, the associated damages are between $100 and $750 per violation, or any higher amount that reflects the actual damages suffered.
The state can bring charges of up to $2,500 per violation for businesses that unintentionally violate the CCPA, and fines of up to $7,500 per violation for businesses that commit intentional violations.
Compared to the GDPR, which provides for fines of up to EUR 20 M (22 M USD) or 4% of annual global revenue, these fines might not seem particularly large. However, keep in mind that they apply per individual violation and per consumer. Even for a business with just a few customers, these fines can add up to a hefty sum.
To avoid penalties, there are a few steps to follow to comply with the CCPA.
The first thing you need to do is to honestly assess and review your activities.
Ask yourself what types of data you collect, what the purposes of your collection are, which third parties are involved in the processing, and so on.
This step will help you determine which legal documents you may need and how to handle users’ requests.
Third, you should make sure you’re honoring the user’s right to opt out of the sale (or sharing) of their personal data.
Under the CCPA, while you don’t need your users’ opt-in or prior consent before sharing or selling their data, you must inform them of the sale activity and provide them with an immediate way to opt out.
That’s why you need to show a “Do Not Sell My Personal Information” (“DNSMPI”) notice upon the user’s first visit to your website or app.
iubenda’s solutions can help you comply with the CCPA in minutes.
With our Cookie Solution, you can display a “Do Not Sell My Personal Information” notice and manage opt-outs.
It also supports the CCPA Compliance Framework by IAB (Interactive Advertising Bureau), which establishes a process for publishers and their partners to comply with new regulations regarding the sale of consumer data to technology companies.
Then, you may need to keep track of your users’ requests, because the CCPA mandates that opted-out users may not be contacted for a minimum of 12 months after the request.
Our Consent Solution hooks onto your web forms to let you automatically pass consumer preference details, such as opt-outs, via API to a centrally managed visual dashboard. It’s prudent to keep records of opt-out details such as the particular user, the date, and the sub-contractors to be notified in the case of requests.
Our Internal Privacy Management Solution lets you accurately record the details necessary for fulfilling consumer requests with precision. The solution records:
Achieve CCPA compliance for your site, app and organization. Easily manage consent, processing records and more.