CPRA – What’s New?
Who does it apply to?
Changes concerning how and why data is used and stored.
The CPRA notes that the collection, storage and use of consumer information should be “reasonably necessary and proportionate” to accomplish the organisation’s given purpose. Much like the GDPR, the CPRA makes certain provisions around data minimisation, and the purpose and conditions of storage of consumer data. Simply put, businesses should understand what Personal Data is held, why it is used, how long it is required, and where it is stored.
This understanding of how and why personal data is used should form the basis of any organisation’s data governance policy, and organisations should seek to address the CPRA with a combination of tools that solve for risk control, data minimisation, purpose limitation and data retention and deletion. Asking these questions will allow organisations to lay the foundations for proving compliance with the CPRA whilst also driving trust and transparency around data processing activities – benefits that should be passed on to consumers to drive revenue and long-term customer engagement.
Changes to Special Category Data
So, what now?
Although the CPRA only comes into effect in 2023, it extends much of the existing regulation to bring California’s Privacy Laws closer in line to the GDPR. At their core, these laws are designed to improve a business’ own understanding of how and why consumer’s data is used, and to build trust and transparency around these processes with consumers.
If you’d like to learn how Trunomi helps global businesses operationalise the CCPA, GDPR and all Global Regulations, request a demo at firstname.lastname@example.org.