Data Protection for Compliance with GDPR
What is GDPR?
GDPR regulates the export of personal data outside the EU and requires businesses to protect EU citizens' privacy and personal data when the transaction occurs within EU member states. Non-compliance can result in hefty fines; in 2019 alone, fines for major infractions totaled over 440 million euros.
- WHO MUST COMPLY WITH GDPR?
CCPA applies to all for-profit businesses that do business in California, collect and control the personal information of California residents, and derive 50% or more of their annual revenue from selling California residents' personal information OR have annual gross revenues of more than $25M OR receive or disclose the personal information of more than 50,000 California residents, households or devices each year.
- DO I HAVE TO COMPLY IF MY BUSINESS ISN'T LOCATED IN EUROPE?
Yes, if you do business in California or have customers in California, and you meet the criteria above. The scope of CCPA is tied to where the consumers reside, as it was enacted to protect the rights of California residents.
- HOW IS PERSONAL INFORMATION (PI) DEFINED UNDER CCPA?
Under the CCPA, "Personal Information" is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Types of information considered to be personal information include, but aren't limited to, real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, biometric information, Internet or other electronic network activity information, geolocation data, and professional or employment-related information.
Any information that's publicly available is not considered personal information under CCPA. Aggregated data and deidentified data are also not considered personal information.