The California Privacy Protection Agency (CPPA) has laid out new regulations for the California Consumer Privacy Act (CCPA), particularly emphasising the requirements for data maps, retention schedules, and cybersecurity audits under the upcoming Article 9. This article explores these regulations and what organisations need to prepare in advance.
Key Points
- Organisations with over $100 million must complete their first cybersecurity audit by April 2028.
- A data map and inventory detailing personal information storage and access is essential.
- Records retention schedules need to be established for personal data that is no longer needed.
- A remediation plan must document how identified gaps will be addressed.
- Written certifications confirming compliance with the audit criteria must be submitted.
Why should I read this?
If your organisation is in any way dealing with consumer data, you really can’t afford to miss this! The new CCPA regulations are around the corner, and being caught off guard could lead to serious compliance issues. This summary gives you the heads-up on what you need to get ready now. We’ve done the legwork for you—save yourself the hassle and get informed!