With only a month until the California Consumer Privacy Act (CCPA) comes into effect, companies are looking for solutions to the business challenges it creates. The CCPA comes with a lookback period of 12 months, requiring companies to be in control of their customer’s personal data across all internal and third-party systems. DataGrail recently onboarded the SaaS based education platform NoRedInk, which enables English teachers to help their students realize their true writing potential.
NoRedInk, founded in 2012, is one of many small to medium sized businesses that are required to be in compliance with the CCPA. Any business that works with or has data for California residents and “has annual gross revenues in excess of twenty-five million dollars ($25,000,000)”, stores data for 50,000 consumers or more, or meets one of several other requirements, is subject to the law. Even a company headquartered outside California could fall within this definition if they have customers in the state.
NoRedInk faced a business challenge as a fast-growing company with limited internal resources to focus on data privacy compliance. Christopher Dailey, Director of Business Operations at NoRedInk, needed to find a technology solution that enabled NoRedInk to comply with the CCPA and GDPR while not adding to his team’s already busy workload. DataGrail stepped in to get NoRedInk all set up for the requirements of the CCPA and enabled the company to be transparent in its privacy practices.
DataGrail provided, in the words of Dailey, a “real live data map where once you have it in place it no longer needs human intervention so that you can always stay in compliance.” The average company has 50-100 systems that contain personal data that may need to be accessed for servicing privacy requests. DataGrail’s Live Data Map provides a continually refreshed blueprint of where data lives in your organization, and, any changes made to the systems used at your organization are reflected automatically. For NoRedInk, this meant continuous compliance with the CCPA after a brief onboarding period. Dailey said, “What I liked about the on boarding experience… was they had a team that was very, very attentive to what I was trying to accomplish.”
With less than a month left until the deadline for CCPA, many small and mid-size businesses are deciding whether to implement a third party solution or build out an internal process for handling privacy requests throughout all systems with data. NoRedInk made the decision to utilize DataGrail’s technology after taking a closer look at the options and potential internal costs. Christopher Dailey of NoRedInk shared in our customer testimonial:
“We evaluated other solutions and what we found were platforms we thought were overly complex. In DataGrail we saw a company and solution that was highly focused on managing our compliance with CCPA and GDPR. We looked at what it would cost us for the engineering team to build a system and that number far exceeded many multiples of what DataGrail was charging.”
The CCPA could end up disrupting small and medium size businesses most, given their constrained operating resources. For every privacy request, as many as 26 people could be involved at the company, according to a report conducted earlier this year by DataGrail. This lengthy process can lead to slow response time, human error, and valuable time lost for employees. Searching multiple locations for data – many of which are outside of a privacy manager’s control – will be a major effort for firms that do not have a centralized system for extracting or deleting data and those who are not actively archiving client communications.
Non-compliance for small business could be a big issue, especially when competing with large businesses that have full legal and IT teams preparing for months ahead of the CCPA. The fines may seem less significant at $100-$750, but that is per data subject, which companies could have millions of.
DataGrail saves companies like NoRedInk time, money, and human resources with it’s easy-to-implement Privacy Platform, built on the Live Data Map. Find out more about how we helped NoRedInk with their full customer testimonial or schedule a demo today.