The California Consumer Privacy Act is a state law that enhances the protection of the personal information (PI) of California residents.
It requires businesses to be transparent about their PI data practice by disclosing to consumers about how they collect, use and share consumers’ PI, and responding to consumers’ data access, opt-out of sale and deletion requests.
Effective January 1, 2020.
Privacy laws and bills in California and other states are in development. The CCPA will be replaced by the California Privacy Rights Act (CPRA) on January 1, 2023; Virginia and Colorado each has a privacy law going into effect in 2023.
The information contained on this page regarding the CCPA and other privacy laws is for informational purposes only. It is not intended to be legal advice. Please consult your legal counsel if you have questions about the CCPA or other laws.
The CCPA applies to any business that collects personal data of California consumers and meets one of the following thresholds:
The CCPA grants consumers a series of rights and control over how their PI should be handled, and imposes extensive obligations on businesses to ensure the consumers’ exercise of their rights. The key rights consumers have under the CCPA include:
There are exceptions to the above consumer rights that could exempt some part of your business from certain CCPA requirements. For example, a consumer’s personal data that is collected for a vehicle loan transaction may be exempted from the CCPA because it is regulated by federal laws such as the Gramm-Leach-Bliley Act. It’s important that you consult your legal team or other advisors for advice.
First and foremost, ensure that you understand how the CCPA will impact your business and establish a comprehensive CCPA compliance program.
Examples of what you need to do:
The CCPA will be enforced by California’s Attorney General. Fines for violating the CCPA can be as high as $2,500 per violation and $7,500 per intentional violation.
Businesses can also be sued by California consumers for security breaches of PI and pay up to $750 per consumer per incident or actual damages, plus other proper relief.
CDK has developed solutions for CDK applications that process and store your consumers’ personal information. For example, each of your CDK applications that handle personal information will allow you to respond to consumers’ various requests under the CCPA:
View our full CCPA product listing and training documentation. Please note, you will need your Service Connect login to access.
Managing CCPA Flagged Data: Dealers and Partners — New Abilities
DEALER CONTROL
Starting the first quarter of 2022, dealers will be able to block consumer records that have been flagged with CCPA DoNotSell or Delete from being transmitted to the CDK partner:
PARTNER RESPONSIBILITY
In addition to the dealer DDX enhancement, CDK has also launched new integration Partner Integration Points (PIP) which allow the DoNotSell and Delete flags to pass from the DMS to the partner. In order for partners to accept this data, they need to update integration points to the DMS to ensure they receive the flags. Partners are responsible for honoring the flags on behalf of the dealer.
By providing both CDK dealers and CDK dealer partners with the ability to manage CCPA flagged data, CDK is ensuring that dealer customers who have exercised their rights under CCPA will be protected.
Contact your Client Account Manager (CAM) with any questions or concerns regarding the CCPA. Please contact your OEM and other non-CDK providers and vendors for CCPA compliance updates.