Europe has the GDPR. Now Canada and the US are developing or introducing similar privacy protection legislation, and all businesses are going to need to be compliant.

Data Privacy: Startups and the CCPA
by Ivan Widjaya, Nov 27, 2019

The California Consumer Privacy Act (CCPA) was enacted in mid-2018 and is meant to safeguard consumers’ privacy rights within the state of California. CCPA will enable Californians, and Americans in general, to enjoy a range of privacy rights by subjecting businesses to stricter regulations. It will apply to both established companies and startups.

Even though the law will go into effect on 1st January 2020, startups ought to understand its critical components as well as what it takes to be compliant. Once the law goes into effect, clients will be able to demand disclosure of all personal data that your business collects from them. Therefore, CCPA seals all loopholes that were hitherto used by businesses to commodify consumer data.

Just as is the case with established businesses, startups collect personal details from clients, be it credit card numbers, social security numbers, or addresses. Sometimes, such data ends up getting misused. Likewise, some companies fail to disclose the collection of this data to their clients in the first place. Until now, companies could do whatever they wanted with consumer data. This was brought to light by the Equifax hacking incident.


To comply, you must move away from business practices that aren’t CCPA-compliant. Similarly, you should understand how your business currently uses customers’ data as defined by CCPA. Internal stakeholders should be involved in this since they will help you pinpoint how and where personal data is collected, stored, used, and transferred. Your startup cannot be compliant if you don’t have a clear picture of personal data flows within your systems.

Most startups have a data privacy policy in place. You need to ensure that whatever policy you have in place meets the requirements of the CCPA. Likewise, you should understand the specific rights that the legislation grants consumers. Compliance requires an in-depth understanding of how the rights apply to a startup based on its business models. Staying compliant might mean updating your data security and privacy policies to match the CCPA requirements, which will undoubtedly keep changing once the legislation is enacted.
