In this day and age, data is the most important asset that businesses need to protect.
All businesses, big or small, have access to more data than ever. This includes customer data, suppliers’ data, accounting data, and more.
The CCPA (California Consumer Privacy Act) has been brought into existence in the state of California for the protection of consumer data and safeguarding their interests.
In this article, we will discuss CCPA in detail and cover topics such as:
● What is CCPA?
● Difference between CCPA and GDPR
● Which business does the CCPA apply to?
● What is personal information under CCPA?
● What are the consequences of non-compliance with the CCPA?
● Steps to become CCPA compliant
The CCPA was introduced on the 1st of January, 2020, in the state of California to protect consumers’ personal information. This act allows consumers to investigate what information a business collects about them, and how the information is used or shared. A consumer can ask a company to delete or alter their information under Section 1 (AB 1146) if they feel it will have an adverse effect or their privacy will be hindered. For example, a customer may not want his photo to be shared after a hair transplant.
In order to comply with the CCPA, businesses should take the following steps:
● First, find out if the CCPA is applicable to your business.
● Provide an opt-in option to obtain users’ prior consent to the sale of their information, and to obtain consent from parents for users who are in the under-age category.
● Provide a ‘Do not sell my data’ option so that users can opt out of the sale of their information.
The CCPA and GDPR both have the same objective, to protect consumers’ data and information from violation. However, there are a few differences between them as we’ll see below:
The CCPA was effective from 1st January 2020, while GDPR came into existence on 25th May, 2018.
CCPA protects information that will identify, describe, or is associated with the consumer, such as photos or videos. On the other hand, GDPR protects a specific piece of information about a consumer, for example, a credit card number.
The CCPA applies only to the state of California, while the GDPR is applicable to any data subjects who are citizens of the European Union.
Businesses that earn more than $25 million, collect data from more than 50,000 consumers, and generate more than 50% of the revenue by selling data accounts of consumers, come under the regulation of CCPA.
Any business around the globe that deals with private data of EU citizens comes under GDPR.
A fine of $2,500 to $7,500 is charged depending on the decision of the Attorney General of California if any law is violated under CCPA.
The penalty under GDPR can be 4% of the annual turnover of the company, or €20 million depending on which is higher.
The CCPA applies to all big and small businesses. All companies that are in the business of collecting data or information from the consumers need to comply with CCPA.
Specifically, businesses that come under CCPA compliance are:
● Businesses that are based in California or deal with consumers of California.
● Businesses that are engaged in collecting personal data of the consumers.
● Commercial organizations that make more than $25 million gross profit annually.
● Companies that are collecting and selling data for more than 50,000 users.
● Businesses that generate more than 50% of the revenue by selling data accounts of consumers.
● Additional obligations, on top of the CCPA, apply if the company is dealing with the data of more than 4 million users.
Businesses exempt from the CCPA are:
● Businesses not from California or those that don’t deal with California.
● Businesses not engaged in collecting data of consumers.
● Nonprofit organizations are also exempt from the CCPA.
● Credit reporting agencies that come under the Fair Credit Reporting Act.
● Financial companies that come under the Gramm-Leach-Bliley Act.
● Health care centers that are under HIPAA (Health Insurance Portability and Accountability Act).
Personal information under the CCPA is anything that describes or is associated with a consumer, household, or device directly or indirectly. Personal information covered under the CCPA includes the following:
Information that identifies a customer such as a name, age, gender, photograph, and other related identifiers.
Information such as a signature, social security number, driving license number, bank account, etc. comes under customer information of the CCPA.
Information detected and recorded electronically such as fingerprints, eye color, retina scan, and similar other biometric data.
Information such as bank details and transactions, such as the purchase and sale of goods and services, payment of utility bills, etc., are all commercial records of a customer.
Education information refers to how qualified a person is, such as a graduate or a postgraduate.
Professional information refers to what a person is professionally engaged in.
Where people live, which places they visit and check in to, and where they travel are all records of their location. The new trend of Facebook and Instagram check-ins is an example of information showing where a person has visited.
A company that doesn’t comply with the CCPA can be penalized with charges of thousands of dollars. If a business violates any CCPA law and fails to pay the charges, it risks complete shutdown of the business, website, or channel. Consumers are also in a position to sue companies for breach of their private information after a notice period of 30 days. Another body that can sue the business is the Attorney General of California for the violation of any law of the CCPA.
Here are some specific penalties businesses might incur if they fail to comply with the CCPA:
● A fine of $100 to $750 per violation if a company doesn’t prove itself just and fair in front of the consumer.
● A fine of $2,500 can be charged by the Attorney General of California if the law was violated unintentionally.
● A fine of $7,500 will be charged if the Attorney General feels that you have violated the law intentionally.
Here are some steps businesses can take to ensure compliance with the CCPA at all times:
First, you need to know whether your business is required to comply with the CCPA. To fall under the jurisdiction of the CCPA, your business should be a commercial organization collecting data of consumers of California and generating income of more than $25 million, making 50% profits by selling data, and selling data of more than 50,000 users.
Be sure to keep an eye on all personal information your business is collecting about your consumers. This includes data collected on your website, data your employees are collecting, and so on.
A data map is a very important part of data privacy management. It shows what data you collect, where it is stored, how secure it is, who has access to the data, and the purposes it is used for.
Consistently review your policies and procedures regarding the handling of personal information in your company. Your employees should not be allowed to download customer data, for example accounting data for audit purposes, onto their devices.
Create a process for customers to opt out and delete their data from your records. This is an important part of the regulation. Customers can opt out of the sharing or selling of their data, or have it deleted. The link for doing so should be prominently accessible on your website.
A company should promptly respond to customers if they have any requests to change their data usage. Companies should be able to provide information if the consumer asks about their private information and how it is being sold.
The CCPA has strict fines for data breaches. Thus, it’s essential that data collected is fully secured and encrypted. Review your security control measures and make sure they’re sufficient to protect your business against breaches.
Employees must be adequately trained and educated regarding the CCPA. They must be aware of the consequences of mishandling data, and how best to communicate with customers regarding their personal information.
The goal of the CCPA is to protect consumer information from being misused and mishandled. Businesses complying with the CCPA are thus likely to enjoy more loyalty and goodwill from customers.
If you’re struggling to keep up with the various laws and regulations your business must comply with, we’ve got a solution for you. VComply’s GRC software makes it easy for businesses in all industries to manage compliance and governance in a hassle-free way.