How will CCPA play out in its early days? GDPR offers clues

Steve Stein and Austyn McLoughlin look at the likely early days of that California Consumer Privacy Act (CCPA) through a General Data Protection Regulation (GDPR) lens.

U.S. residents are accustomed to receiving massive volumes of spam emails that they just consider it part of the American consumer experience. Indeed, this is an example of consumerism in the US having more importance than individual privacy

But as of July 1, 2020, it will be a whole new ball game. Because that’s the day that California Consumer Privacy Act (CCPA) rules and regulations will go into effect.

So, what will the CCPA’s early days look like? Europe’s General Data Protection Regulation (GDPR), which went into effect on May 25, 2018, provides great comparisons.

During this podcast, Steve Stein, co-lead of KPMG’s U.S. Information Governance and Privacy practice, sat down with Austyn McLoughlin, a director in the firm’s Cyber Security group and an Irish expat now living in the U.S., to look at the CCPA through a GDPR lens. Topics they discussed include: 

  • Why companies that are required to comply will greatly underestimate the effort
  • Why the regulators will need to quickly ramp-up their investments and workforce
  • Why awareness among consumers will grow quickly and exponentially
  • The areas companies should think about as they prepare for CCPA, including:
    • having the right team
    • having a prioritized plan in place
    • facilitating the external facing aspects of the privacy plan
    • dealing with DSRs
    • using tools to help
    • reducing the risk of a breach.
Steven Stein

Steven Stein

Principal, Cyber Security Services, KPMG US

Austyn McLoughlin

Austyn McLoughlin

Director, Cyber Security Services, KPMG US