“The fabric of our lives.” We all know this as a phrase the cotton industry has used for years. But given the exponential flood of information we devour today, there’s really a new fabric that all organizations need to understand and live with – data fabric. And as that data fabric is woven, it’s important to know where the data originated and how it flows – the data lineage.
Gartner ranked data fabric as a top 10 data and analytics trend for 2019.
What is data fabric all about?
The term “data fabric” has been around for a few years but has only recently gained more attention and traction. Leading research and advisory company Gartner had it as one of their “Top 10 Data and Analytics Technology Trends for 2019.”
Prolifics partner Talend, a leader in data integration and data integrity, knows a thing or two about data fabric. Last month, independent research firm Forrester named Talend “a leader in enterprise data fabric evaluation.” Talend describes data fabric this way:
Think of data fabric as a weave that is stretched over a large space that connects multiple locations, types, and sources of data, with methods for accessing that data. The data can be processed, managed, and stored as it moves within the data fabric.
In simplest terms, a data fabric is a single environment consisting of a unified architecture, and services or technologies running on that architecture, that helps organizations manage their data. The ultimate goal of data fabric is to maximize the value of your data and accelerate digital transformation…
Where does data lineage fit in?
Data lineage describes where data came from (how it entered your organization), how it has moved and spread through the organization, the data’s characteristics and how it has changed, and its overall quality. Prolifics partner MANTA succinctly describes the importance of data lineage:
What makes a decision bulletproof? Solid data. What makes data solid? Knowing its source, its journey, and all its transformations from the moment it entered the database to the moment you saw it in the report you are using to make your decision.
For MANTA, data lineage is more important than ever given today’s environment. When dealing with data privacy regulations, like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), MANTA notes that “data governance (is) made possible with powerful data lineage…full lineage is a must when proving compliance with any data-oriented regulation.” When dealing with the unexpected, like remote workers in a pandemic lockdown, “…understanding of how your data flows and its transformations, you will easily come up with strategies to overcome the data-related obstacles that the current pandemic has caused for your organization.”
Learn more
“Innovation Sandbox – Powered by Prolifics,” is a new, six-week YouTube Live series with today’s brightest minds, latest tech and most creative ideas.
Episode 2: “Take a Byte Out of Data,” airs live on Thursday, July 16, 10-10:30 a.m. ET on our YouTube channel, Prolifics TV. Rolf Heimes from Talend and Ernie Ostic from MANTA will discuss how companies that adopt new technologies, architectures, and methodologies for data will succeed, while companies that don’t risk becoming obsolete. Learn more here: Data Fabric and Data Lineage – The Basics.
The term “garbage in, garbage out” is as relevant to your data today as it was 20 years ago. If your company’s data is in chaos – incomplete, fragmented, trapped in silos, hidden in legacy systems, poorly identifiable, duplicated – anything you try to do with that data will, unfortunately, be garbage.
Four Ways Your Data Chaos Will Hurt You – Badly
The pandemic shutdown exposed or exacerbated problems with cost optimization, cost efficiency, business continuity and disaster recovery. As companies reopen and retool post-lockdown, it’s more important than ever that you have clean and complete data – everything starts with having a handle on your data. If it’s in chaos, it will hurt you.
1) The drip, drip, drip of legacy systems
It’s kind of a “Catch-22” scenario – your data situation is in chaos because of your legacy systems, but you don’t think you can move off the legacy systems because of how deeply ingrained your data is. But legacy systems cost more to maintain, things take longer, and opportunities are missed. Data is growing exponentially at a time when you need speed and efficiency – and that new data is going into the same chaos. Whether moving to the cloud or staying on-prem, it’s time for application modernization and integration. You don’t need to do it all at once – but you had better start soon, or the drips will keep on coming.
2) The data privacy movement
The EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) and laws like it give individuals a level of control over how companies use their collected data. This includes the “right to be forgotten” – a company must delete a requestor’s information in its systems as mandated. Fines can add up – in CCPA it’s $2,500 per compliance violation, going up to $7,500 if the violation is deemed intentional. If you don’t know what data matches to which customers, or all the nooks and crannies where that data is and how to get to it, the penalties could add up fast.
3) Entity resolution
“Wizard of Big Data” Jeff Jonas defines entity resolution as “who is who and who is related to who” in data. The common terms identity resolution; record linking, matching and deduplication; and “merge-purge” are all forms of ER. Entity resolution means you have a single version of something your business must deal with, like a customer or a vendor, or you understand the relationship between things, like which salesperson belongs with which vendor. If your data is garbage and entity resolution is difficult, you’re setting yourself up for problems ranging from bad customer experiences and cost inefficiencies to outright fraud.
4) Advanced and predictive analytics
Companies today are using artificial intelligence and machine learning (AI/ML) tools to automatically detect sophisticated data patterns to predict potential outcomes, giving them better decision-making insight and abilities. For example, a financial organization using AI/ML can analyze its entire historical loan portfolio on an ongoing basis, learning and recognizing patterns of factors in real time that lead to a much higher rate of default. If a new loan application has those factors, the AI/ML program would flag it for denial. AI/ML is for “what’s next” questions, like which current customers will likely buy your new product or when will a piece of equipment break down. These insights can have you crushing your competition – unless your data is in chaos. Then the competition will be crushing you.
Get a handle on your data
Prolifics experts can help you with your data, systems modernization and integration, and cloud and hybrid cloud platforms. Visit www.prolifics.com or email solutions@prolifics.com.
Coffee with Talend
Join data experts Brian Kordelski (Prolifics) and Rolf Heimes (Talend) for a discussion on how companies are striving to be leaner and more efficient when it comes to housing and managing data. They’ll also look at how migrating to an open-source framework can be cost-effective and quickly deployed. More information and registration here: 4 Ways Your Data Chaos Will Hurt You.
We’re in the era of data – tsunamis of data, in fact, that are growing exponentially. With it comes concerns about what we can learn from the data – separating the melody from the noise – as well as overcoming worries surrounding privacy and fraud. Entity resolution (ER) is an important tool used to address these data issues. On the cutting edge of ER technology is Jeff Jonas, CEO and Chief Scientist for Senzing, Inc., an artificial intelligence‐based (AI) software company focused on ER.
What is Entity Resolution (ER)?
In the book “Entity Resolution and Information Quality,” writer Terry Talley states:
Entity resolution is the process of probabilistically identifying some real thing based upon a set of possibly ambiguous clues. Humans have been performing entity resolution throughout history. Early humans looked at footprints and tried to match that clue to the animals that made the tracks.
In the same book, writer John R. Talburt gives it a more formal, scientific view:
Entity resolution is about determining when references to real-world entities are equivalent (refer to the same entity) or not equivalent (refer to different entities). Linking is appending a common identifier to reference instances to denote the decision that they are equivalent. Identity resolution, record linking, record matching, record deduplication, merge-purge, and entity analytics all represent particular forms or aspects of ER.
Jeff Jonas gives ER a simpler, more understandable definition: ER determines “who is who and who is related to who” in data.
Why is ER Important?
Entity resolution is important to a business because it tries to create a single version of the “truth” for any given entity/thing that the business deals with. An example many companies can relate to is the idea of the “single customer view.” Companies may have many different systems that have separate pieces of information – purchase history, demographics, credit info, points or loyalty programs and so on, for the same person. (Or are they?) Say your company used your systems to send an email blast that included K. Coggs, KT Coggs, Katie Coggs and Kathryn Coggs. Is there just one Ms. Coggs who is now annoyed with your company for getting four emails, or are there two, three or four separate customers?
Beyond customer experience, having a single customer view gives cleaner data for advanced and predictive analytics. Otherwise, based on Katie Coggs’ purchase history you might erroneously send a related new product advertisement and coupon to her mother, Kathryn.
It can get more serious than emails and coupons – has anyone at your bank connected the fact that several people are using the same assets as loan collateral at different branches? Finding fraud is a major driver of entity resolution.
ER is also important regarding the data privacy movement, which has given rise to laws and regulations like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). These laws and others like them give individuals a level of control over how companies use their collected data. This includes what’s generally referred to as the “right to be forgotten” – having a company delete the requestor’s information as mandated by the applicable law. Hefty fines can be imposed for non-compliance. Imagine KT Coggs sent your company a “right to be forgotten” request. Will you be paying a fine when the auditors find K. Coggs info in your systems – and that K. and KT were the same person?
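The Coggs scenario above is easy to state and easy to get wrong in code. The following is an added example, not code from Senzing, from the books quoted above, or from this article: a small deterministic entity resolution pass over constructed records from four systems. It blocks on surname, compares pairs inside a block, requires compatible names plus a strong shared identifier (or address and date of birth together), and clusters matches with union-find so that K. Coggs, KT Coggs, Katie Coggs and Kathryn Coggs resolve to one entity while a second Kathryn Coggs at the same address (her mother) stays separate. The field names, sample values, nickname table and matching rules are assumptions made for illustration; production ER systems score many more features probabilistically and tune thresholds per use case.

```python
"""Entity resolution over customer records from several systems.

Added example with constructed data. It is not code from Senzing, from the
books quoted in the article, or from Prolifics. Field names, sample values
and the matching rules are assumptions made for illustration.
"""
import re
from collections import defaultdict
from itertools import combinations

# Constructed records spanning four systems. Three name variants plus a
# "Kathryn Coggs" that is Katie's legal name, and a second "Kathryn Coggs"
# at the same address who is her mother (different date of birth and phone).
RECORDS = [
    {"src": "crm", "id": "crm-1001", "name": "K. Coggs",
     "email": "katie.coggs@example.com", "phone": "",
     "address": "12 Harbor Rd, Oakland CA 94607", "dob": ""},
    {"src": "loyalty", "id": "loy-77", "name": "KT Coggs",
     "email": "", "phone": "+1 510 555 0142", "address": "", "dob": "1991-04-02"},
    {"src": "marketing", "id": "mkt-5", "name": "Katie Coggs",
     "email": "Katie.Coggs@example.com", "phone": "(510) 555-0142",
     "address": "", "dob": ""},
    {"src": "credit", "id": "cr-3", "name": "Kathryn Coggs",
     "email": "", "phone": "510-555-0142",
     "address": "12 Harbor Rd, Oakland CA 94607", "dob": "1991-04-02"},
    {"src": "crm", "id": "crm-2040", "name": "Kathryn Coggs",
     "email": "kathryn.coggs@example.com", "phone": "+1 510 555 0188",
     "address": "12 Harbor Rd, Oakland, CA 94607", "dob": "1962-11-19"},
    {"src": "loyalty", "id": "loy-78", "name": "Katie Cox",
     "email": "", "phone": "", "address": "", "dob": ""},
]

# Assumed nickname table; a real system would use a much larger one.
NICKNAMES = {"katie": "kathryn", "kate": "kathryn", "kathy": "kathryn"}


def norm_phone(p):
    """Keep the last ten digits so +1 prefixes and punctuation do not matter."""
    digits = re.sub(r"\D", "", p)
    return digits[-10:] if len(digits) >= 10 else ""


def norm_email(e):
    return e.strip().lower()


def norm_addr(a):
    return re.sub(r"[^a-z0-9]", "", a.lower())


def split_name(name):
    """Return (given, surname), lower-cased, with periods removed."""
    parts = name.lower().replace(".", "").split()
    if not parts:
        return "", ""
    return (parts[0], parts[-1]) if len(parts) > 1 else ("", parts[0])


def names_compatible(n1, n2):
    """Same surname, and given names that are equal, nickname-equivalent, or
    an initial/abbreviation ("K", "KT") agreeing on the first letter."""
    g1, s1 = split_name(n1)
    g2, s2 = split_name(n2)
    if s1 != s2:
        return False
    c1, c2 = NICKNAMES.get(g1, g1), NICKNAMES.get(g2, g2)
    if c1 == c2:
        return True
    short, long_ = sorted((c1, c2), key=len)
    return 0 < len(short) <= 2 and long_.startswith(short[0])


def is_match(a, b):
    """Names must be compatible AND a strong identifier (email or phone) must
    agree, or address and date of birth must both agree. Address alone is
    deliberately not enough: it would merge a household into one person."""
    if not names_compatible(a["name"], b["name"]):
        return False
    ea, eb = norm_email(a["email"]), norm_email(b["email"])
    pa, pb = norm_phone(a["phone"]), norm_phone(b["phone"])
    strong = (ea and ea == eb) or (pa and pa == pb)
    aa, ab = norm_addr(a["address"]), norm_addr(b["address"])
    weak = aa and aa == ab and a["dob"] and a["dob"] == b["dob"]
    return bool(strong or weak)


def resolve(records):
    """Block on surname, compare pairs within a block, and cluster matches
    with union-find so matching is transitive (K. <-> Katie <-> Kathryn).
    Returns {entity_id: sorted record ids}; the entity id is the smallest id."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    blocks = defaultdict(list)
    for idx, r in enumerate(records):
        blocks[split_name(r["name"])[1]].append(idx)
    for members in blocks.values():
        for i, j in combinations(members, 2):
            if is_match(records[i], records[j]):
                parent[find(i)] = find(j)
    clusters = defaultdict(list)
    for idx in range(len(records)):
        clusters[find(idx)].append(records[idx]["id"])
    return {min(ids): sorted(ids) for ids in clusters.values()}


def records_for_request(entities, record_id):
    """Every record, across systems, belonging to the same resolved entity as
    the record a requester identified themselves by (access or deletion)."""
    for ids in entities.values():
        if record_id in ids:
            return ids
    return []


if __name__ == "__main__":
    ents = resolve(RECORDS)
    for eid, ids in sorted(ents.items()):
        print(eid, "->", ids)
    print("deletion request from loy-77 covers:", records_for_request(ents, "loy-77"))
```

Run as-is, the four Katie records collapse into one entity and the mother’s record and the unrelated “Katie Cox” stay on their own. A deletion request that arrives under the loyalty record “KT Coggs” then resolves to all four records, which is exactly the lookup the auditor scenario above requires; without the union-find step, K. Coggs and Kathryn Coggs would not be linked because no single pair of those two records shares an identifier.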
Jeff Jonas – “Wizard of Big Data”
Jeff Jonas tackles all these ER issues, and more, as CEO and Chief Scientist for Senzing, Inc., an artificial intelligence‐based (AI) software company focused on ER. His work has gone from the simple – finding duplicates in contact lists – to the complex – searching for criminal identities in real time across thousands of data sources and billions of pieces of information.
“Wizard of Big Data” is a moniker that stuck after a 2014 National Geographic feature article that covered his life and work. As related in the article, some of Jonas’ high-profile ER cases have included identifying potential terrorists, detecting fraudulent behavior in casinos, connecting loved ones after a natural disaster, and modernizing voter registration systems. Describing fraud detection in casinos, the National Geographic article said:
Using available and legally obtained data (Jonas emphasizes the program has built-in privacy safeguards) – such as employee records, phone numbers, addresses, job applications, hotel reservations, customer loyalty program information, and the gaming commission’s list of banned players – (Jonas’s program) figures out if an employee and a bad guy are related, live near each other, or share the same phone number; it may also detect if a guest has links to an employee.
Jonas’ goal is to make high quality ER available to mainstream companies – Senzing’s collateral says “You don’t need a million-dollar-plus budget, expensive ER experts, or a large number of IT resources to deploy Senzing ER.” The company offers a plug-and-play, real-time AI for ER desktop app and a more advanced API version for developers.
Jonas works on innovation, national security and privacy with government leaders, think tanks and executives all over the world. He is the author or co-author of more than a dozen patents and his work has been featured in documentaries and books. He is one of only five people in the world who has completed every Ironman triathlon currently on the global circuit.
See Jeff Jonas live on “Innovation Sandbox, Powered by Prolifics”
Prolifics’ chief technology officer and Innovation Center leader Greg Hodgkinson will host this episode. Join us and get ready for a dynamic discussion with Jonas on topics ranging from how ER affects the average person to Ironman triathlon training during a pandemic.
Data privacy laws and regulations, like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), are just getting started. That means more customers will control how companies use their collected data. Understandably, companies are struggling to understand and comply with these new laws.
Challenge
The American Bureau of Shipping (ABS) collects a substantial amount of data from customers and business partners through its operations in 70 countries. ABS needed to understand what laws applied to them and how best to move toward compliance. But, instead of waiting for each government mandate to roll out, ABS needed a bigger picture solution – one that was applicable, repeatable and would address a large percentage of whatever government data privacy rules come next. ABS also needed the solution to help distinguish its brand in the marketplace as being a good steward of its customers’ data.
About ABS
ABS is one of the world’s leading ship classification organizations, committed to setting standards for safety and excellence so that the marine and offshore industries can operate safely, securely and responsibly. For more than 150 years, ABS has worked alongside its partners to tackle the most pressing technical, operational and regulatory challenges.
Action
Prolifics provided data integration and data management solutions that helped ABS modernize data delivery and data consolidation for its 200 offices around the world.
We first worked with ABS to deploy our rapid Data Privacy Assessment, to identify issues and opportunities for data integration and a larger data solution for continuity.
We then introduced Prolifics’ Data Governance Framework solution, to give ABS a unified platform to deliver data governance, analytics and compliance on a global scale. The Data Governance Framework centralizes both structured and unstructured data from across ABS, so that the company can gain a more complete understanding of the information it owns and act on regulatory requests. With this insight, the company can target sensitive data for action, move toward better compliance, and avoid regulatory infractions that impact both the bottom line and the brand’s image.
Result
As a result of the Data Governance Framework solution, ABS is closer to compliance with GDPR, CCPA, and other regulations as they emerge.
The solution provides ABS with extensive cost savings in infrastructure capital expenditure in the first three years by centralizing onto a single platform. ABS expects a 10 percent improvement in service utilization, with a projected revenue growth of 20 percent over the next three years.
A foundation of reputable, high-quality data prepares ABS to adopt cutting-edge technologies that leverage artificial intelligence and machine learning (AI/ML) to drive innovation. Potential use cases include regular, automated data remediation and risk reporting, as well as larger AI/ML-powered initiatives across the business.
Closer compliance with GDPR and CCPA
10% service utilization improvement
AI/ML-powered use cases
ABS used the Data Governance Framework solution to:
Develop and enable a data privacy and governance roadmap, used to design and implement a fully featured data governance program
Create data transparency by identifying structured and unstructured data across organizational silos
Track, analyze and report the lineage of this data, which allows insight into the history and metadata of this information
Perform risk analysis to determine personally identifiable information and associated risk, with a data risk dashboard enabling executive review and monitoring of key risk factors
Design a roadmap of future AI/ML use cases, with confidence in the underlying data quality and compliance adherence
Technology
The Data Governance Framework solution brings together a number of Prolifics and IBM technologies to create a unique capability. Our combination of software, integration, governance framework, and forward-looking focus on innovation enables the Data Governance Framework solution to understand and respond to data problems as a whole – creating compelling long-term value for the client.
Specific technologies implemented with ABS included:
Prolifics’ rapid Data Privacy Assessment – identifies issues and opportunities for data integration into the larger data solution
Prolifics’ Data Governance Framework and assets – developed through extensive experience in solving data challenges
IBM Information Server and Information Governance Catalog – consolidates data from across the enterprise into a format that is ready for use in analytics and reporting
IBM QualityStage – cleanses data to ensure high data quality
IBM StoredIQ – gathers unstructured data from across the enterprise; combines that unstructured data with structured data gathered using IBM Information Server to provide a full view of the customer information within the environment
IBM Cognos Analytics – performs data visualizations and reporting
Using these technologies, Prolifics provided ABS:
A data mart that stores information regarding customers’ personal data, metrics, and progress
A data glossary housing information about transactions, service availabilities, rates, relevant business terms, and more
Integration with an information data governance catalog to consume and export business terms and steward relevant data for lines of business. It also provided a systematic data remediation approach.
Configurable information analysis to provide details about risk that is associated with compliance according to regulatory standards. The solution provided enterprise data inventory, data mapping, and data lineage capabilities that support compliance goals.
Reporting, analytics, and auditing capabilities
Unstructured data discovery to understand compliance risks surrounding big data and unstructured data repositories such as Outlook and other cloud applications
Remediation controls to satisfy company data privacy policies and prepare for regulatory data subject access requests
Learn more
At Prolifics, we provide end-to-end data analytics services, at any point you want them, for whatever condition your data is in. Visit our Data & Analytics services page or email us at solutions@prolifics.com.
Around the country, sweeping data privacy regulations are compelling businesses to rethink every aspect of their data governance capabilities.
If your organization complied with General Data Protection Regulation (GDPR) standards set by the European Union in 2016, you may have a head start. However, compliance with the GDPR will not be sufficient for compliance with the new state regulations. If your data lifecycle management process hasn’t changed in recent years—or if you never had a holistic, company-wide process to begin with — it’s time to stop kicking that can down the road.
Our new infographic shows you how three states are changing their data privacy landscape. You’ll also see steps your company can take to avoid unexpected penalties in the future.
California Consumer Privacy Act (CCPA)
Enacted in 2018, the California Consumer Privacy Act (CCPA) requires transparency concerning the hosting and exchange of personal data, which includes a range of individual, or household, identifiers.
As of July 2020, companies have 30 days to comply once notified of a violation; otherwise they are subject to civil penalties of up to $2,500 per violation and $7,500 per “intentional violation.”
Act to Protect the Privacy of Online Consumer Information (Maine)
Maine’s Act to Protect the Privacy of Online Consumer Information requires broadband internet service providers (ISPs) to obtain customer consent before selling or sharing their data with a third party.
While the CCPA gives customers the right to opt out, Maine’s law prohibits ISPs from using customer data unless the customer opts in.
Stop Hacks and Improve Electronic Data Security Act (New York)
The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) requires any businesses that maintain New York residents’ private information to take concrete steps intended to prevent data breaches.
To comply, businesses must take reasonable protective measures, including:
risk assessments
workforce training
incident response planning and testing
Failure to implement a compliant program is enforced by the New York State Attorney General and may result in injunctive relief and civil penalties.
Federal Privacy Laws
The United States does not yet have a comprehensive federal-level privacy law that reaches the scope of the GDPR in the European Union. Still, there are several vertically focused federal laws that businesses must be aware of if they deal with private consumer data. These include:
Privacy Act of 1974: Governs records about individuals held by federal agencies; gives individuals a way to access and correct those records and sets forth agency record-keeping requirements.
Health Insurance Portability and Accountability Act (HIPAA): Regulates the collection and disclosure of patient health information and requires health care providers to protect data from unauthorized use.
Children’s Online Privacy Protection Act (COPPA): Enforced by the Federal Trade Commission, outlines the appropriate use of information of children under the age of 13.
Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to protect customers’ data by limiting how information is shared with third parties.
Steps Toward Compliance
Your organization’s data quality and data governance team should discuss your approach to managing data assets. A methodical approach to making sure your organization is compliant will involve the following process:
Determine how much data exposure is present in your environment and which state/federal rules apply to your business.
Determine who in your organization needs to be involved and to what extent.
Identify the utilities and software solutions needed to facilitate compliance.
Identify the processes required to move toward compliance and the options you have to maximize your investments.
Build a roadmap toward compliance with minimal requirements and timeline.
Do you do business with anyone who is a legal resident of California, and do you hold data on California customers that is categorized as personal information (often loosely called PII) under the California Consumer Privacy Act (CCPA)? If so, it’s not too late to ensure your company is compliant with the CCPA.
Being compliant requires a controlled methodology and industry-leading solutions to ensure your company is able to comply with the CCPA mandate both now and in the future. Prolifics’ CCPA Jump Start can get you on the right track.
The California Consumer Privacy Act (CCPA) was created to provide consumers in the state of California with additional rights and protections related to how businesses are permitted to use their personal information. This state statute was enacted in 2018 and put into effect in January 2020.
In this article, we’ll take a look at what the CCPA is and how the CCPA impacts businesses and consumers.
What Is The Purpose of CCPA?
In the past few years, customers have expressed growing concerns about the fate of their personal data in the hands of businesses and corporations. The purpose of the CCPA is to protect the data and privacy of consumers. The CCPA gives residents of the state of California the following rights:
The right to be informed that personal data is being collected, used, sold, and/or shared by businesses
The right to request for the deletion of personal data
The right to prohibit businesses from selling their personal information
The right to access any personal data collected by businesses
The right to not be discriminated against (higher prices, lower levels of service, etc.) for exercising these rights
The CCPA also gives California residents a private right of action, but only for certain data breaches that result from a business’s failure to maintain reasonable security; other violations of these rights are enforced by the California Attorney General.
What Is Personal Information?
It is important to know what personal information is to have a good understanding of the implications of the CCPA. The CCPA defines personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household” (Cal. Civ. Code § 1798.140(o)(1)).
The categories of personal information under the CCPA include direct identifiers, unique identifiers, biometric data, geolocation data, internet activity, and sensitive information. Examples of direct identifiers include first and last name, social security number, and home address. Unique identifiers refer to data like account names, cookies, and IP addresses. Location history is the primary example of geolocation data. Internet activity refers to browsing history and search history. Biometric data encompasses voice and face recordings. Finally, health data is an example of sensitive information.
Overall, any data that can be used to identify an individual or a household is considered personal information under the CCPA. Data that is anonymous or aggregated generally is not covered by the CCPA. In some cases, suppression of data may be necessary to prevent the identification of specific individuals or households by inference or by combining multiple sources of anonymous or aggregated data.
Which Businesses Must Abide by the CCPA?
Not all businesses must abide by the CCPA. A company must meet certain thresholds before it is required to comply with this state statute. The following companies are required to abide by the CCPA:
Companies that earn more than $25 million in annual gross revenue
Companies that annually buy, receive, sell, or share the personal information of 50,000 or more California consumers, households, and/or devices
Companies that derive more than half of their annual revenue from selling the personal information of California residents.
Notably, companies outside the state of California must also comply with the CCPA if they do business in California and meet one of these thresholds; many businesses across the United States have customers in California. Other states are also working on similar legislation; Washington and New Jersey, for example, have introduced bills modeled on the CCPA.
Are B2B Businesses Exempt from the CCPA?
“No” is the short answer to the question “Are B2B businesses exempt from the CCPA?” However, in truth, the answer is a little more complicated than that. The CCPA is not entirely black and white when it comes to business-to-business (B2B) companies. According to the CCPA, all communications and transactions that occur during the process of a business providing or receiving a product/service are exempt from the CCPA. Therefore, it appears that B2B businesses are exempt from the CCPA in terms of emails and other forms of communication. This exemption is only in place until January 2021.
However, B2B companies must still comply with the CCPA when it comes to allowing individuals to opt out of the sale of their personal information and making sure consumers who exercise their data privacy rights are not discriminated against.
Overall, while there are some short-term exemptions that B2B companies are currently enjoying, the CCPA does have major implications for B2B companies. It is in the best interest of B2B companies to take advantage of these short-term exemptions to make the transition to this new normal for data privacy laws a little less rocky.
What Is the Difference Between the CCPA and the GDPR?
One question that you may have is “What is the difference between the CCPA and the GDPR?” The GDPR, which stands for the General Data Protection Regulation, is a regulation pertaining to data privacy in the European Union as well as the European Economic Area. The GDPR also regulates the transfer of personal information in areas other than the EU and EEA.
The GDPR took effect in May 2018 to harmonize data protection law across the EU member states. It applies to any organization that processes the personal data of people in the EU, including US businesses that offer goods or services to, or monitor the behavior of, people in the EU.
The main difference is scope: the CCPA protects only the privacy and data of California residents, whereas the GDPR protects people in the EU regardless of where the processing organization is located. Another key difference is focus: the primary focus of the CCPA is transparency and control over the sale of personal information, while the GDPR regulates all processing of personal data, requires a lawful basis for it, and grants rights including access, rectification, and erasure.
What Does the CCPA Mean for Businesses?
The CCPA requires that residents of California be told what personal data is being collected and how it is being used. In practice, the CCPA may mean that businesses grant these data privacy rights to all customers, because it is often difficult for a business to know for sure where a user is located. For many businesses it is therefore simpler to apply the CCPA rights to every customer than to try to distinguish consumers in California from consumers in other states. Also, as noted above, other states are working on statutes similar to the CCPA.
Businesses can face civil penalties of up to $2,500 per violation under the CCPA and up to $7,500 per intentional violation. In general, a business first receives notice of alleged noncompliance. If it fails to cure the violation within 30 days, it is considered in violation of the CCPA and may face civil penalties and actions for injunctive relief brought by the California Attorney General. As noted above, California residents can also sue, individually or as a class, over qualifying data breaches.
How Should Businesses Prepare for the CCPA?
There are a number of steps that businesses should take to prepare for the CCPA. These steps include updating their website and ensuring personal data security. This section will outline how businesses can adequately prepare for the CCPA.
All businesses should update the privacy policy on their website to ensure the personal data they collect is clearly outlined. Not only should the privacy policy mention what personal data is collected, but it should also explain why it is stored and how it is processed and used. A section of your website should provide your consumers with clear instructions on how to make a request to access their personal data. You can provide a toll-free telephone number that consumers can call to make a right-to-access request. Provide a thorough explanation of how your business intends to validate the identity of individuals who make right-access requests.
Under the CCPA, the California Attorney General has the power to impose fines in the event of a breach of personal consumer information. However, these penalties are only applicable to businesses that did not take the right steps to protect personal data.
Encrypt the personal information you collect, both at rest and in transit, and keep the keys separate from the data they protect. Redaction, removing or masking identifiers from records that do not need them, is the other method; the CCPA's breach provisions are written around nonencrypted and nonredacted personal information, so both directly reduce your exposure. Beyond protecting the data, you may need to restructure how you collect and store it so that you can locate a given consumer's personal information wherever it resides. Consumers can make right-to-access requests, and you must be able to find and produce the data within the law's 45-day response window, which is slow and error-prone if personal information is scattered across systems with no inventory.
In Conclusion
In conclusion, the CCPA is likely to have national and even global implications for consumer data privacy. California was the first state in the country to enact comprehensive legislation protecting consumer data and privacy, and many states are expected to follow suit in the next few years. For more information about the CCPA, don't hesitate to contact us.
The CCPA (California Consumer Privacy Act) gives Californians new rights over the data they generate. It took effect on January 1, 2020, and is the first major US privacy law enacted after the European GDPR (General Data Protection Regulation), which became effective in May 2018. Although some have called the CCPA the California GDPR, the two laws differ in important ways.
CCPA vs. GDPR
Although Nevada and Maine have passed narrower privacy laws or amendments to existing laws, the CCPA is the first comprehensive statewide consumer privacy law in the country, and it is of a different magnitude. It changes how residents can control their own data, giving them the right to ask businesses to disclose or delete the data collected about them and to opt out of third-party data sales entirely. It also creates new obligations for commercial entities doing business in California; whether a given company is covered depends on a set of definitions discussed below. The central requirement is that covered businesses provide consumers with information about how their data has been collected, processed, and sold in the preceding 12 months.
While the CCPA covers a single state, the GDPR is a European Union regulation binding on all 27 member states. It governs how companies, organizations, and websites may handle personal data, which covers everything from browser history and email addresses to location data and names. If your website has visitors from the EU and uses a third-party service such as Facebook or Google that processes personal data, you generally need the user's prior consent. For that consent to be valid it must be based on clear information about the duration, extent, and purpose of the processing; a cookie consent banner, for example, may not use pre-checked boxes. The GDPR applies to any website in the world that offers goods or services to, or monitors the behaviour of, people in the EU, regardless of where the operator is located. A site run from California that serves EU users must still follow the GDPR.
Overall Comparison of CCPA vs. GDPR
CCPA is mostly about transparency and consumer rights, while the GDPR is built around a "privacy by default" framework. The GDPR gives users a door they can lock so that none of their data is processed; the CCPA gives consumers a window through which they can see what a business has gathered about them and to which third parties it has been sold.
Legal Bases
The GDPR requires businesses, websites, and companies to have a legal basis for processing personal data in the EU, consent being one of them. The CCPA has no equivalent framework: a business does not need a consumer's prior consent to process their data, and a website does not need prior consent before selling it to a third party. The one exception is the sale of personal information of consumers under 16, which requires opt-in consent.
Main Rights of Each Law
Both laws grant a core set of rights, including the right of access, the right to be informed, and the right to data portability. Where they diverge is on consent. The GDPR's right to withdraw consent and the CCPA's right to opt out look similar, since opting out of a sale is a form of withdrawing permission, but they rest on different foundations.
On close comparison, prior consent makes all the difference. It is exclusive to the GDPR, and it is what lets the GDPR build a legal framework across the European Union that puts privacy and user control first.
What Do the Laws Deal With?
The two laws also define their subject matter differently. The CCPA covers personal information, meaning information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household, whether directly or indirectly. The GDPR covers personal data, meaning any information relating to an identified or identifiable natural person, directly or indirectly. The CCPA definition is broader in one respect: it includes household-level data that is not specific to any individual. The GDPR, for its part, singles out special categories of personal data (often called sensitive personal data) for stricter treatment.
The GDPR establishes six legal grounds for processing personal data; the CCPA establishes none. This means a covered business may process data as it sees fit unless a consumer exercises the right to opt out of having the data sold. The mechanism is the link or button that businesses must display on their website reading "Do not sell my personal information"; clicking it opts the consumer out of third-party data sales.
Who Do the Laws Apply to?
The two laws also differ in whom they protect and whom they bind.
Data Subjects vs. Consumers
The CCPA grants rights to consumers, defined as California residents. The GDPR protects data subjects, defined as identified or identifiable natural persons. A data subject can be anyone and need not be an EU citizen or resident: an American traveling in the EU whose data is processed there is protected by the GDPR, and the companies processing that data must comply even when they are outside the EU, so long as they offer services to data subjects within the union.
Scopes of the GDPR and CCPA
Both laws have extraterritorial reach. The CCPA applies to companies that meet its definition of a business, whether or not they are located in California. A business, under the law, is a for-profit entity that collects personal information, does business in California, determines the purposes and means of processing, and meets at least one of three thresholds: annual gross revenue over $25 million; buying, receiving, selling, or sharing the personal information of 50,000 or more California consumers, households, or devices per year; or deriving 50% or more of its annual revenue from selling personal information. This definition leaves out many websites, organizations, and companies that do process Californians' personal data, and they may carry on business as usual.
A company based in Europe can fall within the CCPA's definition of a business and is then obliged to comply with the law. The GDPR, in turn, applies to organizations, companies, and websites anywhere in the world that offer goods or services to individuals in the EU. The difference lies in whom each law protects: the GDPR protects any data subject who is in the EU when the data is collected or processed, while the CCPA protects only those who meet the definition of a California resident.
The GDPR sets no revenue or size threshold for those who collect data. A data controller is any entity that determines the purposes and means of processing personal data in the EU, and a processor is any entity that processes it on the controller's behalf; this covers companies, organizations, and websites of every size. This is one of the main differences between the two laws: the GDPR's scope is much broader, and it protects more people.
Enforcement of the Laws
When it comes to the enforcement of the laws, both are similar but there are some differences.
The GDPR is enforced through monetary penalties issued by the national data protection authorities. Fines can reach 4% of a company's global annual turnover or 20 million euros, whichever is higher, and are set according to the nature, gravity, and duration of the infringement. At the time of writing, the largest fine issued has been 50 million euros. The CCPA is enforced by the California Attorney General, also through monetary penalties, but these are far smaller: a maximum of $2,500 per violation, or $7,500 per intentional violation.
Under the GDPR, the national data protection authorities are responsible for issuing guidance and raising awareness among organizations and companies of how to comply. They can audit companies suspected of breaching the GDPR, issue warnings, and order data controllers to comply. The CCPA offers fewer supervisory mechanisms: it falls to the state Attorney General to open investigations, and the Attorney General was expected to issue regulations covering specific areas of supervision and enforcement by July 2020.
Both laws do a great deal for privacy, but the CCPA is more limited than the GDPR, and the two operate in different ways.
The state of California is now enforcing the California Consumer Privacy Act (CCPA). Since July 1, 2020, businesses face fines of $2,500 per violation, rising to $7,500 per intentional violation. On top of that, Californians can sue if their personal information is compromised in a data breach that results from the business's failure to implement reasonable security. This makes implementing robust CCPA compliance solutions an urgent priority.
Under California Consumer Privacy Act requirements, Californians have the right to:
Know what personal information of theirs is collected, used, shared, or sold
Request deletion of their personal information
Opt-out of the sale of their personal information
Why CCPA Compliance Solutions Start with Data Knowledge
Achieving CCPA data privacy best practices—much like GDPR compliance before it—begins with understanding your customers’ personally identifiable information (PII). You must be able to answer:
What data do you store?
Where is the data?
Who has access to the data?
What is the data being used for?
This means data governance for CCPA compliance is inseparable from broader initiatives in data management and data security.
Choosing the Right CCPA Compliance Solutions and Tools
There are countless tools claiming to support California data privacy regulations. When evaluating any CCPA compliance assessment software, make sure to ask:
Are You Scanning All My Data?
Some tools only inspect file names, column headers, or a sample of records, and so miss personal information stored in free-text fields, attachments, or rows outside the sample. You need scanning that reads the full content of structured, semi-structured, and unstructured data across servers, email systems, shared drives, cloud, and on-premises storage. Comprehensive scanning of unstructured data is how you uncover every hidden pocket of PII.
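As an added example (not Prolifics' Data Hawk or any other product's code), the following Python script contrasts the three approaches this paragraph describes on a constructed data set: a column-header scan and a sampled scan both come back clean, while a full-content scan finds a Social Security number and a card number hidden in a free-text column and an email address in a column named only "ref". Every detector pattern, column name, and sample value is an assumption made for the illustration. The Luhn check shows why a content scanner needs validation on top of pattern matching: a 16-digit order reference is matched by the card regex but rejected as a card. The redaction helper ties back to the earlier point about redacting personal information you do not need to keep in clear text.

```python
"""Contrast header-only, sampled, and full-content PII scanning.

Added example for this article; not Prolifics' Data Hawk or any other product
named on the page. All detector patterns, column names and values below are
constructed for illustration.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample table: the headers say nothing about PII, and the first
# three rows contain none, so header-only and sampled scans both come back clean.
STRUCTURED_ROWS = [
    {"id": "1001", "note": "call back Tuesday", "ref": "n/a"},
    {"id": "1002", "note": "customer prefers email", "ref": "n/a"},
    {"id": "1003", "note": "dispute, see ticket 7781", "ref": "n/a"},
    {"id": "1004", "note": "verified via SSN 078-05-1120", "ref": "jane.doe@example.com"},
    {"id": "1005", "note": "card on file 4539 1488 0343 6467", "ref": "n/a"},
]

# Constructed free-text export, e.g. a note file found on a shared drive.
UNSTRUCTURED_TEXT = (
    "Refund approved for 4111 1111 1111 1111; contact (415) 555-0143.\n"
    "Reference number 1234 5678 9012 3456 is an order id, not a card.\n"
)

# Content detectors (assumed patterns). Regexes alone over-match, so card
# candidates are additionally validated with the Luhn check before reporting.
DETECTORS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone_us": re.compile(r"\(?\b\d{3}\)?[ -]?\d{3}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

# Header-name hints used by the weak, header-only approach.
HEADER_HINTS = {
    "ssn": ("ssn", "social"),
    "email": ("email", "mail"),
    "phone_us": ("phone", "tel"),
    "card": ("card", "pan"),
}


def luhn_ok(candidate: str) -> bool:
    """Return True if the digits in candidate pass the Luhn check-digit test."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Return (kind, value) pairs for every validated PII match in a text blob."""
    hits = []
    for kind, pattern in DETECTORS.items():
        for match in pattern.finditer(text):
            value = match.group(0).strip()
            if kind == "card" and not luhn_ok(value):
                continue  # digit run that is not a plausible card number
            hits.append((kind, value))
    return hits


def header_scan(rows: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Weak approach: classify columns from their names alone."""
    findings: Dict[str, Set[str]] = {}
    for column in rows[0]:
        for kind, words in HEADER_HINTS.items():
            if any(word in column.lower() for word in words):
                findings.setdefault(column, set()).add(kind)
    return findings


def content_scan(rows: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Deep approach: read every cell and record which PII kinds each column holds."""
    findings: Dict[str, Set[str]] = {}
    for row in rows:
        for column, value in row.items():
            for kind, _ in scan_text(str(value)):
                findings.setdefault(column, set()).add(kind)
    return findings


def sample_scan(rows: List[Dict[str, str]], sample_size: int = 3) -> Dict[str, Set[str]]:
    """Sampled approach: a content scan, but only over the first few rows."""
    return content_scan(rows[:sample_size])


def redact_text(text: str) -> str:
    """Replace each detected value with a [kind] marker, leaving the rest intact."""
    for kind, value in scan_text(text):
        text = text.replace(value, f"[{kind}]")
    return text


if __name__ == "__main__":
    print("header-only :", header_scan(STRUCTURED_ROWS))
    print("sampled     :", sample_scan(STRUCTURED_ROWS))
    print("full content:", content_scan(STRUCTURED_ROWS))
    print("unstructured:", scan_text(UNSTRUCTURED_TEXT))
    print(redact_text(UNSTRUCTURED_TEXT))
```

Run it directly to see the three inventories side by side. In a real deployment the detectors would be far richer and the inventory would record file paths, owners, and sensitivity rather than column names, but the structural lesson is the same: whatever the scanner does not read, it does not find.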
Can the Solution Learn as It Goes?
Look for solutions that use machine learning. Artificial intelligence and machine learning (AI/ML) can detect hidden relationships in the data and refine classification rules, improving the accuracy of your CCPA data classification and inventory over time. The benefits are continuous learning and better insight into data quality; the caveat is that a model's classifications should be spot-checked against records you already know before you rely on them for a legal inventory.
What Will the Data Scan Deliver?
Expect a full inventory of data assets with reports on location, quality, classification, and sensitivity. This forms the basis for decisions about protecting personal information under the CCPA. Defining the classification rules up front, before the scan runs, avoids long debates afterwards about what counts as personal information.
How Long Will the Scan Take?
High-quality solutions can complete deep scans in days rather than weeks. Speed matters when aiming to prepare for CCPA compliance efficiently.
Will the Solution Continue to Work for Me?
Compliance isn’t “one and done.” New data constantly flows into your organization. The best tools offer ongoing CCPA compliance monitoring tools to ensure you remain compliant long-term.
How Prolifics Can Help
If you’re wondering how to prepare for CCPA compliance, our experts can help assess your readiness. We offer a CCPA compliance health check services package—an inventory and risk assessment that gives you a clear understanding of your exposure.
We also provide deep data scanning for CCPA compliance through our Data Hawk accelerator, a key technology in any data privacy project. Data Hawk delivers unmatched scanning and interrogation capabilities for both structured and unstructured data.
Whether you need to know which questions to ask CCPA data scanning vendors or want to learn what a CCPA compliance health check is, our team has the answers. We ensure our recommendations align with California Consumer Privacy Act requirements and best practices for protecting personal information under the CCPA.
The Business Case for Compliance
Failing to meet CCPA data privacy best practices is costly—not only in fines but also in reputational damage. Investing in CCPA compliance solutions that integrate with your broader data governance for CCPA compliance strategy reduces legal risks and strengthens customer trust.
By embedding AI for CCPA compliance and scalable CCPA data scan tools into your infrastructure, you’ll be better positioned to adapt to evolving California data privacy regulations and other emerging laws.
Ready to protect your data and your reputation? Visit our expert hub for resources on how to protect personal information under the California Consumer Privacy Act or email us at solutions@prolifics.com to get started.
A robust cloud integration strategy powered by a solution like IBM Cloud Pak helps connect data, systems, and external services, unlocking new opportunities that need comprehensive integration to succeed. But that’s only the beginning of what this powerful platform provides. Add to that Prolifics’ ICP Expertise and take your data experience to new heights.
Evolve your data management with containerized services. Harvest advanced insights from trustworthy data. Protect vulnerable data from potential threats. All of these capabilities are available on premises, in the cloud, or in a hybrid cloud.
This brief explains the technology that makes all of this possible and the solutions you need to stay in charge of your data environment.