Are you prepared for the California Consumer Privacy Act? We Can Help You Prepare For 2020.

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, codifying enhanced provide enhanced privacy rights and consumer protection for California residents.  Consumer data privacy rights will be extended to allow residents to request from businesses the categories and specific elements of personal information (PI) that the business collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.  

If you’re wondering if the CCPA impacts your organization, you are not alone.  If your business operates in California and collects California resident’s PI, or information about their households or from California resident’s electronic devices, the CCPA will likely apply to you if your organization meets one of the following criteria*: 

*The above criteria for the CCPA may exempt small businesses, not-for-profits, and businesses already subject to existing federal laws with consumer privacy protections, such as health care (HIPAA) or financial institutions (GLBA).

The BDO Governance, Risk, & Compliance (GRC) team is well-versed in CCPA readiness and other data compliance regulations. Our core services operationalize CCPA consumer rights with:  

  • Privacy preparedness and strategy 

  • Data classification, retention and governance  

  • Consumer request call center development 

  • Payment Card Industry (PCI) compliance  

  • Attestation services (SOC, WebTrust, HITRUST) 

  • GRC integration  

  • Incident response  

By leveraging our proprietary BDO Privacy Management Framework (PMF), we are ready to help companies operationalize CCPA consumer rights processes, mitigate risk, and implement a data protection strategy that addresses the central aspects of CCPA compliance.  

Our PMF includes:  

  • ASSESSMENT - Identifying personal data sources, map sources, evaluating the governance structure and operating models, assessing risk, conducting third party risk assessments, and addressing data sharing relationships 

  • DESIGN - Updating policies and procedures, utilizing Privacy by Design/Default operating model to develop security & data sharing practices, categorizing personal information, and mapping solutions to address consumer requests 

  • IMPLEMENTATION - Establishing controls to prevent, detect, and respond to consumer requests, vulnerabilities, and incidents 

  • ONGOING MONITORING & GOVERNANCE - Maintaining required documentation, managing data requests and breach notifications, automating consumer request handling, and performing regular governance 

BDO’s California Consumer Privacy Act resource page enables privacy executives to stay abreast of the impending regulation, and learn about overarching privacy and governance considerations in one convenient location.

Free Consultation

Complete this short form to schedule a 60 minute complimentary session on a privacy issue. We will respond to your inquiry within 1-2 business days. 










Karen Schuler
Principal; Governance, Risk & Compliance National Leader
Phone: 301-354-2581  

Professional headshot of Mark Antalik
Mark Antalik

Managing Director, Governance, Risk & Compliance
Phone: 617-378-3653