Sandwich

Copenhagen

Odense

Denmark.

Berlin

Hamburg

Düsseldorf

Germany.

Paris

Strasbourg

France.

Dnipro

Mykolaiv

Ukraine.

Chisinau

Moldova.

Sofia

Veliko Tarnovo

Gabrovo 

Plovdiv

Bulgaria.

Hanoi

Vietnam.

Boise

New Jersey

USA.

Bukarest

Romania.

Vienna

Austria.

Home

About

Work

Services

Insights

Contact

English

Dansk

Français

Deutsch

English UK

<div class="" data-block="true" data-editor="cvgtb" data-offset-key="f2sfk-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="f2sfk-0-0"><span data-text="true">CCPA and GDPR. Two distinct regulatory acts with one joint mission: to protect user data. They’ve already gone into effect, both have penalties for not complying, and both acronyms can send a chill down your spine if you’re in charge of managing a website for a company they impact.</span></div>
</div>
<div class="" data-block="true" data-editor="cvgtb" data-offset-key="b7d63-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="b7d63-0-0"></div>
</div>
<div class="" data-block="true" data-editor="cvgtb" data-offset-key="6l32i-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="6l32i-0-0"><span data-text="true">These two acts are similar in structure and purpose but have fundamental differences. Much like GDPR impacts anyone doing business with a member of the European Union (whether that business is located inside or outside the EU), the CCPA specifically affects for-profit companies that conduct business in California. </span></div>
</div>
<h4><strong>The CCPA (California Consumer Privacy Act) gives consumers in California explicit privacy rights, like:</strong></h4>
<ul>
<li>The right to know what personal information is collected, used, shared, or sold;</li>
<li>The right to delete personal information collected by businesses;</li>
<li>The right to opt-out of their personal information being sold; and</li>
<li>The right to non-discrimination of price or service when a customers exercises privacy right under CCPA.</li>
</ul>
<p>Similarly, the <a rel="noopener" href="https://ffwagency.com/learning/blog/understanding-eus-new-general-data-protection-regulation-gdpr" target="_blank">GDPR (General Data Protection Regulation)</a> enforces data protection for citizens of the EU, and protects the following privacy rights:</p>
<ul>
<li>The right to be informed;  </li>
<li>The right of access;  </li>
<li>The right to rectification; </li>
<li>The right to erasure (right to be forgotten);  </li>
<li>The right to restrict processing;  </li>
<li>The right to data portability;  </li>
<li>The right to object; and </li>
<li>The right not to be subject to automated decision-making including profiling </li>
</ul>
<p>Other key differences to know:</p>

<h4>CCPA requirements to note</h4>
<p>There are some major takeaways from CCPA to keep track of, like:</p>
<p>Notifications: Consumers must be notified that their data is being collected before or during data collection.</p>
<p>Notices: Businesses required to comply with CCPA must provide notice to consumers if intending to sell their data:</p>
<ul>
<li>“Selling” means: selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.</li>
<li>Your homepage should have a clear link titled “Do Not Sell My Personal Information,” which points to an opt-out page. 
<ul>
<li>You should note that it’s completely legal to create a separate, California-specific homepage (so you can keep the “Personal Information” text off your US-focused homepage) as long as you take reasonable steps to ensure California Consumers are directed to the homepage with the CCPA text.</li>
<li>You’ll also need to update your privacy policy to share information about the foregoing link, a description of this right, and any California-specific description of your Consumers’ privacy rights.</li>
</ul>
</li>
</ul>
<div class="" data-block="true" data-editor="cvgtb" data-offset-key="f2sfk-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="f2sfk-0-0"><span data-text="true">Timing: Businesses must respond to consumer requests to know, delete, and opt-out within specific (and yet-to-be-announced) timeframes. </span></div>
</div>
<div class="" data-block="true" data-editor="cvgtb" data-offset-key="2qbpt-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="2qbpt-0-0"></div>
</div>
<div class="" data-block="true" data-editor="cvgtb" data-offset-key="7s1m2-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="7s1m2-0-0"><span data-text="true">Identity verification: Businesses must verify the identity of consumers who request to know or delete their information.</span></div>
</div>
<p>Age restrictions: Business must receive consent to sell data of users under age 16, and parental opt-in to sell data of children who are under 16 years old; meaning business will need to ask consumers who reside in California to verify whether they are 16 years of age or older before they can begin selling any data obtained from a minor.</p>
<p>Financial incentives: According to the OAG, “Businesses must disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information.”</p>
<p>Record maintenance: Businesses must maintain records of requests and how they responded for 24 months to demonstrate compliance. </p>
<p>Privacy policy: Privacy policies must include a description of a consumer's rights to:</p>
<ul>
<li>Request disclosure of information collected (GDPR).</li>
<li>Request disclosure of information sold.</li>
<li>Nondiscrimination relating to Consumers who exercise CCPA rights; and</li>
<li>opt out, along with a separate link to the “Do Not Sell My Personal Information” opt-out page.</li>
</ul>
<p><em>Source: <a rel="noopener" href="https://oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf" target="_blank" title="CCPA Fact Sheet">CCPA Fact Sheet</a></em></p>
<p>Checklist for becoming CCPA compliant</p>
<p>If your business meets the requirements for CCPA, you’ll want to ensure that:</p>
<ul>
<li>You have a cookie notification opt-in for those who come to your site.</li>
<li>Your outbound communication has a clear opt-out option on all communications.</li>
<li>You’ve updated your homepage with a message that states,”Do not sell my personal information,” which links to an opt out form. </li>
<li>You’ve updated your privacy policy.</li>
<li>You’ve received explicit consent to sell personal information from anyone under 16.</li>
<li>You create a process for responding to opt-outs in a timely manner. </li>
<li>You’re disclosing any financial incentives and how the value was calculated. </li>
<li>You create a system for maintaining accurate records of requests and responses. </li>
</ul>
<h4>Feeling overwhelmed, perplexed, or even downright scared of these recent laws?</h4>
<p>You’re definitely not alone. Many businesses across the board are still confused on what they need to accomplish to be compliant, especially with CCPA. To get the latest information on CCPA and how it will impact your website needs, <a href="http://www.ffw.com/contact">drop us a line</a>.</p>
<h4>Contact FFW if you need a website update made ASAP.</h4>

CCPA vs. GDPR

Thought

FFW Awarded 'Top Workplace USA' Honor

MFEs – a solution for scaling development

How we killed the website replatform

Open-source software: A CMO’s competitive advantage

7 Things to Think About Before Starting a New Drupal Project

How to redesign your digital presence in 2020

What Personalization is not

Projects no longer in office? How to lead a remote project management team

How to keep your sales team productive during a crisis

Lead a remote marketing team and improve communication

10 things to try when leading a remote design and creative team

Trust. Transparency. Adaptability

37 best practices for leading remote teams

Covid-19 and online banking: Your website = #1 branch

Future-proof and remote-proof your site with continuous development

Free learning resources to consider while stuck at home

Drupal community raises $500,000 in record time

Building Platforms for Millions with NBC Sports Digital

Acquia DXP: Solve silos. Create winning experiences

Better Drupal Page Building with Acquia Site Studio

WomenLift Health: A strong web presence during COVID-19

Scale your content operations with Acquia Drupal Cloud

Acquia Marketing Cloud: A 360 view of your customers

Headless CMS 101

VENN and FFW develop high experience digital platform

Life Returns To Normalcy, Here's Why Business Never Will

KPIs: Benchmarks for Digital Success

Better data quality through automated testing

Supporting the Empowerment of Women in Tech

She believed she could, so she did

How Best of Breed Can Build a Better Customer Experience

How to Make Your Next Website Redesign as Painless as Possible

Calming Content Chaos with Contentful

How Drupal Manages Content for Your Customers' Entire DX

How to Set up a Good User Research Interview

It's a New Year...But Are You Feeling Stuck?

Drupal 8: End-of-Life on November 2, 2021

Flip the Narrative on Accessibility

Why It Makes Sense (and Cents) to Incorporate Accessibility Best Practices

FFW Partners with Digital Asset Mgt Provider, MediaValet

Accessibility in Action

How to Build Your Digital Estate Strategy to Scale

The 5Cs of digital experience in a post-COVID world

FFW Awarded 'Top Digital Agency' Honor

FFW Adds to World-Leading Acquia Expertise

Investing in the Health of Remote (and In-Person) Teams

4 Key Trends that will influence Technical Decision Making

How WebOps Moves Your Mission Forward

How to Build a University Website That Actually Works

About asteroids, ice cream and lots of good talks

Supporting the Next Generation of Tech

Web accessibility raises brand recognition

Dynamic Without Limits: 2022 Next.js Event Recap

Women in Drupal Awards 2022

3 Reasons That Discovery Is Vital To Your Next Redesign

Multi-Site Approach: Save, Scale, and Build Loyalty

FFW Honored With 2022 Acquia Engage Award

Accessibility. What it is. Why it matters.

What is a DXP?

How Higher Ed Can Improve Analytics Governance with GA4

What is Continuous Development?

Drupal 9 end-of-life – not the end of the world

What is Personalization?

FFW & IES Abroad Honored with Webby Award For Best Website Structure

Decoding Technical Jargon

Contentful Storylines: The future of content storytelling

Unlocking the Power of Vertical Slicing

How to Optimize Personalization On a Website

Acquia Engage Awards 2023

FFW presents Women in Drupal Award 2023

Expert Tips for Efficient URL Mapping with ChatGPT-3.5

FFW and Clients Celebrate Three Acquia Engage Award Wins

Navigating Key Technical Decisions in a world of complex digital platforms

Navigating Headless: Is It Right for Your Next Web Project?

Artificial Intelligence in Drupal

JAKALA celebrates 24 years of excellence

MVPs - A deep dive into their challenges and potentials 

CCPA vs. GDPR

February 26th, 2020