Does Your Website Need to Comply With Recent CCPA Privacy Laws?

You've probably heard of GDPR laws in Europe, but have you heard of CCPA?

Around the world, personal privacy legislation has been set out to enforce strict standards for organisations on what information can be collected and how they store personal data from their consumers. The California Consumers Privacy Act is one of the latest laws introduced following GDPR which is leading the way for other jurisdictions and how personal data is dealt with.

CCPA went into effect on January 1^st 2020 but becomes enforceable from July 1^st 2020, which means there's a bit of time to scrub up on your privacy processes if you haven't already…

But first things first, what actually are they?

GDPR: General Data Protection Regulations in Europe

Is a set of rules designed to give EU residents control over how companies collect, store, use and manage their personal data. Any company in the world that offers goods or services to customers in the EU needs to be GDPR compliant.

CCPA: California Consumer Privacy Act

While similar to GDPR, CCPA covers more legislation in regards to the selling of personal information and non-discrimination to users who may exercise their rights under CCPA - in other words, treating all users equally even if they want to edit, change or erase their information. Like GDPR, any company that deals with customers in California needs to be compliant with these laws.

So, does this all affect us here in New Zealand?

Well, yes!

While you may not live in Europe or California, if your company collects personal information from customers in those regions, these laws apply to you as well! Add to that, that the New Zealand Privacy Act is already in the process of being overhauled to align with these digital privacy requirements, and it's about time we scrubbed up on your data processes.

When collecting data online for any purpose, including eCommerce, a general enquiry or personal information to make a booking or purchase, these laws govern not just how you collect data but how you store and manage this information as well. Companies are required to have a comprehensive privacy policy in place as well as be able to respond to individual requests from users regarding their data and comply with the relevant legislation for where your customer resides (yes, you might have to be compliant with not just one, but two policies!).

Now if you operate exclusively within New Zealand, it's pretty straightforward for you. But for those working in travel and tourism, exports or more, it's likely you'll need to make adjustments to your privacy policy and procedures, or you risk penalties.

At Terabyte, while we're not privacy lawyers, we are technologists who can design your digital assets to do almost anything under the sun! Over recent years we've ensured we're continuing to update our best practice around permission, collection and storage of personal information on both new builds and updating older builds. If you're umming and ahhing about if your processes need some work, they probably do! Let us take a peek at your data processes so we can get you up to scratch and you don't risk those pesky penalties.