To anyone looking at a distance on the effects of the General Data Protection Regulation (GDPR) and thinking “that won’t affect me,” think again. The CCPA is almost here. Several states and countries are following suit.

Last year, California passed the California Consumer Privacy Act (CCPA or California Privacy Law for short). It’s due to come into effect on January 1, 2020, for its first iteration. Similar to the GDPR, it will be reaching far beyond the Golden Gate Bridge.

Are you a for-profit business in California? Do you work with companies in California? Then the CCPA states you must comply if you meet any of the criteria below:

– Your business obtains or distributes personal information of 50,000+ individuals or more.
– The company makes a gross revenue of $25 million or more per year.
– The business gains, at minimum, half of its earnings by selling personal information of California residents per annum.

Also, it’s far more austere, giving residents of California more power over their data than practically any present-day law on record in the US. The CCPA states, “a consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.”

Additionally, it says that companies must provide the following personal information to the consumer upon request:

– What data or personal information a company has about them
– Where the company obtained it
– Why they have their data/personal information
– Whom they share it with

Last but not least, CCPA pro Californians with the freedom to refuse businesses to sell their data to third parties. So, even if you’re not basing your organization in California, there’s a strong possibility your org is included in CCPA if your consumers, customers, users, or employees are based there.