CCPA vs GDPR Compliance for WordPress: A Comparison

The General Data Protection Regulation (GDPR) was introduced in May 2018, raising many questions about compliance for businesses. However, just as the dust settled, new legislation was announced for California – the California Consumer Privacy Act (CCPA). This article explores what the CCPA is, how it compares to the GDPR, and how WordPress websites can comply with both.

The GDPR is European legislation that focuses on strengthening privacy rights, increasing responsibilities for organizations, and providing transparency for visitors about what happens to their data. This meant that websites had to show a cookie notification, draw up a privacy policy, and give users the opportunity to request and remove their personal data. The CCPA, on the other hand, was signed into law by California Governor Brown in June 2018 and is scheduled to go into effect in 2020. It gives Californians new privacy rights and focuses on control of personal data, protection of personal data, and insight into information acquired by companies.

While both laws focus on the protection of personal data and the sharing thereof, there are many differences between them. For example, under the GDPR cookies must be placed on an opt-in basis, while under the CCPA this is based on opt-out. The GDPR applies to anyone who processes personal data, while the CCPA only applies to those who make $24 million profit per year, have more than 50,000 lines of personal data from households, persons or devices, or derive half of their profit from selling personal data. Fines for GDPR violations are higher than those under the CCPA, and the CCPA is more prescriptive about disclosures.

For most WordPress websites, compliance with the GDPR likely already required a cookie policy, a cookie consent banner, a privacy policy, processing agreements, a way for users to view their personal data and have it sent to them within one month, blocking of cookies until permitted, and a secure connection (SSL). With the upcoming CCPA, websites will also need a Do Not Sell My Personal Information document, a processing agreement with all processors and/or Service Providers, and age verification.

One solution to get CCPA ready is to install a plugin, such as the Complianz plugin. This plugin includes important settings to ensure WordPress sites are GDPR and CCPA ready, including geolocation to determine which cookie banner a user needs, separate processing agreements for each country or legislation, and support for ePrivacy and COPPA laws. The plugin also supplies a disclaimer, cookie policy, cookie consent banner, privacy policy, privacy policy for children, data leak reports, statistics to analyze which cookie banner performs best, A/B testing, and Tag Manager implementation.

In conclusion, compliance with the EU GDPR legislation does not mean compliance with the new CCPA legislation. Websites must pay attention to additional requirements and plan ahead to be prepared. Installing a plugin like Complianz can help ensure compliance with both laws, but it is also important to become more aware of how data is dealt with on websites. As more governments reinforce the importance of privacy protection, it is crucial for websites to get their data management in order sooner rather than later.
