Merely a few months after GDPR came into effect in May of 2018, another local privacy regime was introduced, this time by the State of California. The California Consumer Privacy Act, or the CCPA, has concretized and codified a series of user privacy rights applicable to any business employing Californian employees or conducting business with California-based users online.
And after several months of analysis and review, Dynamic Yield is proud to announce its full compliance with the CCPA, ahead of its official enactment date on January 1, 2020.
CCPA introduces several new concepts, requiring businesses to which the CCPA applies to adapt any non-complying architecture and amend business operations accordingly.
Among these concepts:
- End-users have the right to request access, receive, rectify, and delete any personal data collected of theirs and that it be dealt with in a lawful and non-discriminatory manner.
- End-users are to be notified whether or not their personal data has been “sold” (as defined by GDPR) or shared with any 3rd party.
- Businesses handling personal data of California consumers have clear incident response policies and are sufficiently equipped to handle any potential breach or loss of data.
- Businesses confirm their commitment to end-user personal data security by employing clear information security policies and guidelines.
Please note, the list above is not exhaustive. To read more about the CCPA please visit California Legislative Information.
Dynamic Yield has taken the necessary steps and measures to ensure its compliance with CCPA, some of which we’ve highlighted below:
We have reviewed our existing policies, including those related to handling data subjects’ requests and internal security, ensuring they satisfy the various requirements imposed by CCPA.
We have updated our data processing addendum to cover personal data shared under the CCPA. Some of these changes include our abandoning of the Privacy Shield framework for EU-US data transfers and reliance, instead, on Standard Contractual Clauses (SCCs). SCCs provide a more comprehensive description of the types of data collected as well as the collection purpose, and the provision of further details regarding the subprocessors we use as a processor of our customers’ data.
Across all areas, we’ve introduced enhancements and changes based on best practices and our experience handling customer queries since the enactment of GDPR.
Dynamic Yield remains committed to our customers’ privacy and that of their end-users and shall remain at the forefront of monitoring developments in privacy and security so that we can continue to protect the vital interests of our customers. If you wish to receive further information on this topic, please visit our compliance page at dynamicyield.com/compliance or contact firstname.lastname@example.org.
** Please note that Dynamic Yield is not in any position to provide customers with legal advice on their requirements under CCPA, and suggests that customers consult their legal counsel on how best to prepare for CCPA’s implementation and enforcement.