Got golden state data? Your Salesforce may need TLC for California Privacy Rights Act & California Consumer Privacy Act.
CCPA Governance
Track and inventory Personal Data across your enterprise—document data collection and movement for internal and to 3rd parties.
Assess your organization’s posture for CCPA compliance, identify gaps, and mitigate risks. Use our pre-built templates or create custom assessments for your unique requirements.
1798.130, 1798.120 (a), 1798.135 (a)
Enable branded self-service request portal for common Subject Access Requests (SAR) for seamless customer care.
Simplify the logging of SARs, verification process, generation, and delivery. Support multiple regulatory requirements such as offering different Portability documents for GDPR vs CCPA.
1798.135.(1)(2)
Obtain and track Consent to ensure data processing is in compliance with privacy laws. Cloud Compliance offers a full lifecycle, including a self-service capability.
Enable localized consent banners with a description of a consumer’s rights and a clear and conspicuous Do Not Sell link or button.
Manage Communication Preferences and consent in a centralized repository to avoid Consent fragmentation. Integrate consent and communication preferences with Salesforce, Marketing, and other systems.
CCPA Governance
CCPA does not mandate Data retention, but it is the best defense to limit breach exposure
1798.135.(1)(2)
Manage and update policies in Salesforce for multiple regulations, countries, and languages.
Enable localized consent banners with a description of a consumer’s rights and a clear and conspicuous Do Not Sell link.
Disclose privacy notices across websites, mobile apps, and others. Securely collect audit-ready proof of acceptance during customer onboarding and other business processes.
CCPA Governance
Protect your organization by masking or erasing sensitive data in your sandboxes.
Automate common tasks and sandbox readiness to ensure data hygiene and business usability of data while staying compliant with CCPA security measures for data processing.
Your customer’s privacy is more than a compliance initiative. Privacy is a basic human right that your organizational ethos should align with.
Privacy violations are magnified disproportionately in social media. Bad publicity impacts your company’s leadership, stock price, and financials.
Many organizations have been penalized for their privacy oversights. Regulatory authorities are scaling up faster than the time you may need to design compliance policies.
Building trust in a digital world is difficult enough. Erosion of trust due to unsavoury privacy incidents can permanently damage your business.
The California Privacy Rights Act (CPRA) is a state-wide data privacy bill passed into legislation in 2020 – with the goal of safeguarding and protecting the personal data privacy of residents of California.
CPRA results from a ballot initiative supported by a data privacy advocacy group called Californians for Consumer Privacy. CPRA adds more elements to CCPA to make it more comprehensive and far-reaching. CPRA will come into effect from January 1st, 2023.
CPRA applies to your organization if it –
1. Generates 25 Million dollars in gross revenue.
2. Has more than 100,000 consumers in California.
3. Derives more than 50% of the revenue from the sharing of personal data.
If your organization meets the above three criteria, then CPRA would apply irrespective of where your organization is physically located or registered. CPRA does not apply to Non-Profits.
No. Non-profits are exempt from CPRA enforcement.
CRM systems such as your Salesforce Org may contain personal data of your prospects, customers, employees, and partners.
To ensure CPRA compliance, you can standardize, automate and enforce CPRA-specific requirements with Cloud Compliance’s Apps that are available from AppExchange.
Some common use cases where Salesforce customers use our Apps include:
GDPR is the framework legislation of Europe while CCPA & CPRA are the framework legislations of California.
The essence of both these laws is the same – to protect the data privacy of their respective constituents.
GDPR applies to EU residents while CPRA/CCPA applies to Californian residents. They do differ in terms of their requirements also. Please refer to this short video for additional information.
