Skip to content

menu

Open Legal Blog Archive logo
HomeAboutBlogsFAQsSubmit

CCPA Poses Serious Challenge for Small, Medium-Sized Businesses

By Odia Kagan on September 9, 2019
shutterstock_1048545287

CCPA applies to Small-to-Medium-Sized Enterprises, and they face unique challenges.

SMEs surveyed by the IAPP – International Association of Privacy Professionals stated that even if they “do not meet the CCPA’s definition of a ‘business,” their clients and customers will require them to sign contracts attesting to CCPA compliance.

Many have already faced such demands. Since SMEs operating as part of the data ecosystem are likely to be covered by the CCPA regardless of any revenue or data processing thresholds designed to lessen their compliance burdens, guidance (and future legislation) should be designed with their needs in mind.”

“The most significant CCPA compliance challenge SMEs expect to face is revising data processing provisions in contracts. Having just updated countless contracts to comply with the EU General Data Protection Regulation, SMEs expect to devote significant time and resources (and invest in outside legal counsel) to update them again.”

For SMEs, “manual processes are more common than automated ones across the board — for access requests, data inventories, privacy impact assessments and records of processing. This could pose unique challenges for identity verification under the CCPA.”

Details from the International Association of Privacy Professionals.

  • Posted in:
    Privacy & Data Security
  • Blog:
    Privacy Compliance & Data Security
  • Organization:
    Fox Rothschild LLP
  • Article: View Original Source

Open Legal Blog Archive, Inc. logo
Seattle, Washington
Copyright © 2026, Open Legal Blog Archive, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo