By Jennifer Kashatus

Effective January 1, 2020, a new game-changing privacy law will go into effect in California:  the California Consumer Privacy Act of 2018 (CCPA). The law will have profound implications for companies that collect personal information, as that term is broadly defined, about California consumers, even if the Company is not based in California. For many companies, compliance with the law will require substantial implementation time, not only to address the legal issues but also to implement any operational changes that may be necessary for your company to be able to meet the requirements with the law. We often are asked whether applying an EU-like GDPR compliance program to California residents will be sufficient to address CCPA. There are substantial differences between GDPR and CCPA, such that compliance with GDPR will not cover all of the CCPA requirements. To this end, we have prepared an overview of the CCPA as well as a brief comparison of key individual rights under GDPR as compared with CCPA.