GDPR came into effect in May 2018. Beginning in January 2020, California takes a major step in putting protection and control into consumers’ hands. Now, businesses must prepare for GDPR, CCPA, and FISMA compliance.
Understanding DSAR [Data Subject Access Request]
Here in the US, businesses must prepare for incoming DSARs starting in January 2020. A data subject access request can be placed by an individual who wishes to learn what data a business or organization is storing about them. These requests can also allow them to learn why this data is being stored and what other businesses or individuals have access to the data. When a business receives a DSAR, it’s crucial for them to respond in a timely fashion. Not only is this critical to remain compliant with regulations, but it also helps to build trust with consumers.
Searching individual data within structured and unstructured data sources is an enormous task and is time-consuming. Ardent automates that process to help your business respond to DSARs in a timely fashion.
GDPR and CCPA Compliance
Known as the California Consumer Privacy Act, or CCPA, this new law addresses growing privacy concerns. Specifically, leading tech companies sell and give access to personal information. This often occurs without consumer knowledge of what happens when their personal information gets collected online.
Ultimately, CCPA compliance will result in strict controls around consumer data usage by businesses. Additionally, tech companies will face major fines for not complying.
GDPR can also apply to the companies within the United States which handle EU citizens’ data and US companies that have a presence in Europe.
Other states that have data privacy laws in place along with California include:
Financial Penalties for Failing to Comply
Failing to meet GDPR compliance comes with financial penalties. For instance, GDPR mandates either 20 million Euros or up to 4% of annual global profits for noncompliance. A data breach comes with the same penalty rates.
Fines for not meeting CCPA compliance cost up to $7,500 per violation. Critics point out that businesses are in violation at the point of breach. Alternately, sanctions for not following GDPR compliance occur sooner. A business gets fined for just being at risk of suffering a breach.
Currently, no sanctions apply for not complying with CCPA. However, CCPA does allow consumers to sue a business for violation.
Consumer Rights Under GDPR and CCPA Compliance
In addition to suing a business for violating CCPA compliance, consumers have other rights. For example, they have the right to opt-out of selling personal data.
Both CCPA and GDPR allow consumers to request the deletion of personal information. However, some legal exceptions apply.
Furthermore, CCPA grants consumers’ rights such as:
- Knowing data collection practices of businesses including personal information categories, source of information, and which entities receive the collected information
- Receiving copies of personal information collected 12 months before their request
- Having personal information deleted
- Knowing data sales practices and requesting not to sell their personal information
- Not experiencing discrimination for exercising their right
GDPR compliance focuses primarily on all data related to identifying a person. With CCPA compliance, both the consumer and household are identifiable entities. This means protection for any information directly or indirectly linked to a person residing in California.
In either situation, businesses must test their processes for handling consumer data. Differences do not lessen their obligation to accommodate consumer rights. As a result, businesses must prepare to locate and disclose how they choose to use personal data.
Compliance with FISMA Privacy Controls
In 2002, the Federal Information Security Management Act for all federal agencies to implement a program or process to protect the privacy and security of the information they gather. This regulation is part of the larger E-Government Act in 2002 to help organizations and agencies manage processes electronically. FISMA included an additional privacy control family some time back. It is important for government agencies to automate those privacy controls. The ardent data privacy platform provides the means to comply with those controls and automates the process.
Requirements of FISMA include the following:
- Privacy Impact and Risk Assesment
- Privacy Requirements for Contractors and Service Providers
- Privacy Monitoring and Auditing
- Privacy-Enhanced System Design and Development
- Data Minimization and Retention
- Minimization of Personally Identifiable In Information
- Data Retention and Disposal
Get Help with GDPR and CCPA Compliance with Ardent
With Ardent solutions, we help automate these processes to help your business remain in compliance with GDPR, CCPA, FISMA, and DSARs. Our data privacy platform helps us provide the following solutions for businesses:
- GDPR, CCPA & FISMA Privacy Compliance
- Secure Test & Research Data
- Privacy and Security Impact Assessment
- Supply Chain Security
Increasing data breaches mean consumers are more aware of how their data gets used. As a result, businesses must know how to handle breaches or avoid them altogether. Team Ardent can help you strengthen trust between consumers and your data collection practices.
Ardent data privacy platform helps your business to be ready for regulatory compliance in ways such as:
- Locating personal data assets using machine learning
- Minimizing excess and unwanted data
- Deleting excess data securely
- Quickly responding to consumer DSAR requests
- Define and automate secure data lifecycle