With the CCPA fully in force as of July 1, it is now more important than ever for small businesses to ensure that they are fully aware of their responsibilities and the steps they need to stay to stay compliant.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
Much-needed EDPB guidance on the Schrems II judgment has been released and the picture looks about as grim as possible for impacted companies thus far.
While confirming that SCCs are valid with the Privacy Shield gone, the CJEU underlined that they can only be relied upon when risks have been properly assessed and cannot amount to a “tickbox exercise.
Privacy advocate groups allege that UK Test and Trace rushed the process and did not conduct the necessary data protection impact assessment that the GDPR requires for collection of personal data on this sort of scale.
With the regulation now in force, some businesses may find themselves treating CCPA compliance as merely a checkbox but ready or not, enforcement is here, and the price for non-compliance can be extremely high.
With the LGPD (the Brazilian Data protection Law) coming into force in August 2020, how can companies address the challenges of customer experience?
Without serious privacy reform and a federal law in the US, it may not be possible to draft a Privacy Shield framework that survives another round in the EU court system.
Distributed SaaS platform can help enterprises expand their business, comply with global data regulations, and avoid hefty cyber losses and cybersecurity spending.
Information and data are key elements for an organization’s daily operations and need to be protected properly. ISO standards can help provide requirements, guidance, and recommendations for a systematic approach.
Those little automated data tracking mechanisms are subject to special treatment, consent, opt in and opt out requirements. Have you properly accounted for cookies for GDPR and CCPA?









