• Previously, we discussed how businesses should prepare for the CCPA by determining their compliance obligations and identifying how to create and execute their plans for compliance. Continuing on the topic of CCPA readiness, we’ll talk about steps 2 and 3 of the 5-step readiness plan: awareness and designed future-state. 

    Please note: this post applies to the CCPA as currently written, as of August 14, 2019; if the bill is amended, this post may be updated.

    Awareness: securing internal support

    Privacy regulations like the CCPA and GDPR have a massive impact across many facets of a business. To ensure alignment across these fronts, compliance must start from the top.

    It’s crucial to make sure leadership teams are aware of the CCPA’s requirements and how they affect their organizations. This is where the work from step 1—audit, analysis, and assessment—comes into play. If the impact has already been scoped, communicating the need and explaining the rationale for compliance to the necessary stakeholders and subject matter experts is straightforward. Additionally, the specific nature of step 1 allows for more targeted communication with the people who will ultimately be responsible for carrying out the changes.

    Step 1 is identifying the members of a compliance task force, and step 2 is getting them on board.

    Designed future-state: preparing the compliance blueprint

    Knowing what needs to change is one thing. Figuring out how to do it is another. At this juncture, the notified stakeholders should identify the best way to enact the requirements outlined in step 1, while working in tandem with legal to ensure compliance. Stakeholders should meet regularly so everyone can report back on milestones and progress and share any learnings or advice based on their work.

    By the time you’ve completed steps 2 and 3, you should have a strong framework for compliance. However, it’s important to stay aware of any changes and clarifications related to the CCPA. 

    Subscribe to RampedUp.us to be one of the first to read the next blog in our CCPA readiness series on steps 4 and 5: creating an operationalization model and ongoing governance.

    The information provided in this blog does not constitute legal advice. Please consult your legal counsel to obtain legal advice.

