
Lessons Learned from GDPR to Prepare for CCPA Compliance & Future Regulations

Boris Khazin

Senior Account Manager, EPAM US

In May 2018, a monumental regulation came into effect that is setting a precedent for future data privacy standards. To protect consumers, the General Data Protection Regulation (GDPR) outlined a new set of rules for data collection, storage and usage for companies that operate in Europe. Following GDPR, the California Consumer Privacy Act (CCPA) was signed into law in June, helping consumers understand how companies are using their data and request that companies delete it. With the countdown to CCPA in full effect, companies must start preparing for compliance by January 2020 if they haven’t already begun.

Preparing for a new regulation and implementing compliance processes into a company’s ecosystem now enables companies to ultimately save time and money in the future, but there are many challenges to consider. Through our governance, risk and compliance experience and our work helping businesses prepare for GDPR, we learned several lessons that can help your company ease the transition into CCPA compliance:

Understand how it affects your entire company. When we examined how data protected by these regulations is stored and moves throughout a company, we saw two important characteristics: Data access was not significantly controlled within a company and some units had legacy access to data that no one knew about.

While certain departments believed that they did not have access to any private data, we determined that they did have access – they just weren’t using it because they didn’t need to. You should perform a full enterprise analysis to see if there are any access points to data that should be eliminated. C-level support is essential for this, and each internal team must work together to ensure data flow and usage are properly documented and tracked. Processes and procedures must be uniform across the enterprise to make sure that only authorized individuals have access to personal information. Departments must monitor and comply with the applicable regulations, and the enterprise as a whole should also be monitoring data usage and access across departments to ensure compliance. To adhere to regulatory requirements, you can implement well-designed data processing platforms and solutions to manage data access requests, as well as to gain a view of enterprise consent management.

Budget appropriate funds as soon as possible. When it comes to regulatory compliance, there are many factors that play a role in budgeting, so it’s important to start planning as soon as possible. New regulations make a huge impact on any organization’s digital ecosystem, and process and solution implementation can take months. The complexity of the solutions necessary for every company’s unique requirements is proportional to the complexity of the company. This means that the larger and more complex the company is, the more work needs to be done to ensure compliance. As new data flows in or a lack of data control needs to be addressed in overall development, you will have to adjust your plan and budget accordingly. Also, when new legal opinions on any given regulation emerge, the regulatory requirements may change and, in turn, change the scope of work that is necessary to achieve and manage compliance. Given the variables that come along with planning for compliance, organizations should account for a significant buffer in their budget.

Understand How Non-Compliance Will Impact Your Company. Privacy rules are becoming increasingly complex, especially in the US, and while their origins may be at a state level, their impact is global. It’s clear that CCPA is more complex than GDPR. Other regulations, such as SOX, Dodd-Frank and HIPAA, have introduced more stringent rules than past regulations as well. For example, unlike GDPR, CCPA has rules for companies that track device and household information. Also, CCPA enables consumers to opt out of companies selling their personal information, while GDPR does not directly let people opt out. With unlimited penalties that are associated with CCPA, mistakes can be extremely costly. The penalties for CCPA non-compliance can reach up to $7,500 per customer, so the cost of penalties for non-compliance will likely be much higher than the cost of ensuring compliance for each customer in the long run. Working closely with a technology services partner who understands the details of each regulation will enable you to implement processes and solutions that are flexible and more cost effective for your specific business requirements.

For Companies that Need to Comply with CCPA, the Clock is Ticking. In order to prepare for and manage compliance effectively, companies must implement future-proof, end-to-end solutions that are agile enough to respond to changes in requirements and new regulations. As more and more states in the US gear up for similar regulations in the pipeline, including Hawaii (SB 418), Maryland (SB0613), Massachusetts (SD 341), Mississippi (HB 2153), New Mexico (SB 176), New York (S00224), North Dakota (HB 1485) and Rhode Island (S0234), companies need to act fast and avoid last-minute work on preparing for regulations of this magnitude. If not, they risk many sleepless nights and potential heavy penalties that come along with not being ready for compliance.
