Online Businesses May Face Fines if They Fail to Comply With New California and EU Privacy Laws

Governor Jerry Brown last month signed into law the California Consumer Privacy Act. The CCPA is the state’s response to a growing concern that consumers need stronger means to protect their personal information.

The issue came to a head in part due to recent breaches that exposed the personal data of millions of American consumers. However, the CCPA also addresses other privacy incidents that have affected millions of people in California and beyond.

The new law, which is viewed as one of the most far-reaching consumer protection privacy laws in the United States, will go into effect on Jan. 1, 2020.

At that time, businesses will have to comply with a range of new requirements. The CCPA’s end goal is to ensure that consumers enjoy “choice and transparency” when it comes to their personal information. For companies based in California, or for those that do business with clients or customers in California, this could be a truly big deal — and it isn’t something any business should ignore.

However, CCPA isn’t the only new privacy law that online businesses, big or small, need to take notice of at this time. The European Union’s General Data Protection Regulation went into effect this spring, and even with two years of warning, many companies were caught off guard. Many companies geo-blocked their content from IP addresses in Europe as a response to the new regulations.

EU lawmakers approved the GDPR more than two years ago to replace the previous Data Protection Directive in the 28-nation bloc. The goal of the GDPR was to give consumers greater control of personal data collected by companies online. It applies not only to organizations that are located within the EU, but also to companies outside the region if they offer goods or services in the EU or have any type of digital footprint with consumers there.

CCPA Controversy

CCPA has been the center of controversy, as its many critics have contended that it was a hastily passed law that came about only as part of a deal brokered by the state legislature and Brown as a way to avert what could have been an even more costly fight over a proposed ballot initiative.

That proposal, which was backed by the state’s privacy activists, could have resulted in an even more stringent measure appearing before California voters in November.

CCPA grants residents in California the following rights: 1) to know what personal information is being collected about them; 2) to know whether their personal information is sold or otherwise disclosed and to whom; 3) to say no to the sale of their personal information; 4) to access their personal information and request deletion under certain circumstances; and 5) to receive equal service and price, even if they exercise their privacy rights.

At this point it is still unclear as to how CCPA actually will be enforced, but those violating the law could face fines ranging from US$100 to $750 per consumer per incident. More importantly, CCPA also empowers the state’s attorney general to pursue cases against businesses for damages of up to $7,500 per instance for “intentional violations.”

“CCPA deals with the data of California consumers,” said Laura Jehl, a partner with BakerHostetler and co-leader of the firm’s General Data Protection Regulation initiative.

“Not that many businesses online in the United States don’t have any California customers,” she told the E-Commerce Times. “If you offer goods and services and don’t comply with the law, you could face a fine. In California, it is also up to the discretion of the state’s AG to determine whether to go after violators.”

GDPR and American Companies

American companies, especially smaller firms, may think they won’t be affected by the EU’s GDPR, but that law could be as far-reaching as CCPA, or even more so.

“U.S. small businesses may or may not need to address GDPR compliance, as GDPR applies to any EU business and companies that process the personal data of EU citizens,” said…