As stated in our previous blog, complying with the CCPA requires a strategic approach that covers all stages of planning, analysis, implementation, and quality assurance.
A comprehensive compliance program includes all of the following:
PLANNING
- Impact analysis, as well as business case and roadmap development
- Identify the project work streams
- Establish the program governance model
- Create the detailed project plans, risk logs, and escalation mechanisms
ANALYSIS
- Document the process, data, and technical requirements
- Customer personal data current state analysis
- Future state requirement definition
- Identification of gaps vs. future state
- Required changes to policies and procedures
IMPLEMENTATION
- Define the overall solution architecture
- Changes to process and data flows
- Consolidate the consumer personal data
- Changes to data retention and deletion processes
- Develop the approvals and workflows to manage customer personal data
- Data security upgrades
QUALITY ASSURANCE
- Develop the test plan and test cases
- Test automation
- Integration and user acceptance testing
- Support for compliance testing before the deadline
We recently published a guide examining the California Consumer Privacy Act of 2018, and the steps any financial institution must take in its response to the new law to evaluate its exposure and current state of readiness.