While many associations are still working to comply with GDPR, the State of California passed a new Consumer Privacy Bill that will have a significant impact on numerous organizations around the world. Here is what associations need to know:
REQUIREMENTS
Associations that need to comply with the new regulations are required to give California consumers an effective way to control their personal information by ensuring the following rights:
- The right of Californians to know what personal information is being collected about them.
- The right of Californians to know whether their personal information is sold or disclosed and to whom.
- The right of Californians to say no to the sale of personal information.
- The right of Californians to access their personal information.
- The right of Californians to equal service and price, even if they exercise their privacy rights
STARTING POINT
The first step to managing data privacy is to document what personal data you have and what processing you are doing with it. All subsequent steps are dependent on this information being accurate.
In order to mitigate the risks related to data privacy compliance whether it be GDPR, California Privacy, or future state/country specific requirements, this list will be helpful:
Documentation:
- Identify special categories of data processed
- Document processing activities
- Determine legal basis for processing (Like you did for GDP