Canada, are you getting ready for CPPA?
The replacement of PIPEDA by CPPA is just around the corner for Canada. As a result, it’s about time organizations consider how they will simplify privacy management and ensure CPPA compliance.

CPPA basics
What is the CPPA?
The Customer Privacy Protection Act (CPPA) is included under the Digital Charter Implementation Act and aims to improve Canada’s data privacy practices and laws. Among other things, the new law aims to empower individuals with control over data processing and encourages greater transparency in how companies use personal data.
PIPEDA vs CPPA
PIPEDA and CPPA have many common and/or similar points. However, the CPPA will be a lot stricter than PIPEDA, with greater consequences. Here are some key differences between the two.
PIPEDA
- Protection of individuals, federal employees, or applicants
- Implied consent
- Inform users about the intention of data collection
- Keep personal data as long as needed for the communicated purpose
- Notification of data breach
- Maximum fine for violations is CA $100,000 per violation
- User consent to allow collection and use of personal information for the stated purpose
- Broad definition of personal information/ personal data
- Data subjects can access their data
- Websites that transfer personal information abroad need to use contractual privacy clauses
CPPA
- Protection of individuals, federal employees, or applicants. However, individuals get the private right of action to sue organizations for privacy violations
- Consent requirements are strengthened to ensure they are explicit and informed
- More detailed requirements on the intentions of data collection and use
- Individuals can request deletion of data at any time
- Notification of a data breach as soon as possible
- Maximum fine for violations is CA $10 M or 3% of global annual revenue. Exceptionally, and if the violations are severe enough, the fine can reach CA $25 M or 5% of the global revenue
- Individuals can withdraw previously granted consent and opt out from sharing information at any time
- Individuals have the right to access their personal information and check if it is correct or outdated
- Data processing, including the collection, use or disclosure of personal data, is permitted in appropriate circumstances, which are specifically determined
- Higher transparency regarding the collection and processing of personal data
- Global Application
We can already help you plan CPPA compliance
A few ways in which RESPONSUM can help you
Legitimate Interest
Easily document legitimate interest assessments and get ready to display them in case they are requested.
Privacy Management
Include all the information, policies, and procedures your organization puts in place to fulfill the CPPA obligations.
Check the processes
Keep an eye on all the procedures that include information processing, and make sure you don’t miss any important deadlines.
Data Breach Response
Respond quickly to data breaches and take the right steps to reduce the risk of an information leak.
Prove Compliance
Prove CPPA compliance by having documents available at any time, such as how you handle subject access requests or what your organization’s policies are.
Data Subject Access Requests
Organize and manage the Data Subject Access Requests your organization receives quickly and effectively.
"Since there is still time until CPPA is fully in effect, do I really need to do something for my organization now?"
Yes, you do.
When the CPPA comes into full effect, you need to be ready. You need to prepare your organization, your privacy team, and the other departments for the new law. Moreover, you need to arm your company with the right tool to make sure you do not infringe any laws. Even if you already have a PIPEDA-compliant privacy program, you need to make sure you don’t miss any important details.
How do we help privacy professionals?
Automation
We help you save time. How? By automating repetitive administrative tasks so you can work more efficiently.
Linked items
Don’t miss any important information. We linked different modules for you, so you have all the information you need at your disposal.
Accountability & Availability
No more spreadsheets. Have the correct information readily available in one single platform in case of an audit.
Collaboration
Get the information you need when you need it by working together with stakeholders from all departments.
Simplification
Translate complex privacy legislation requirements into easily understandable and applicable language through our guided workflows.
Education
Raise and maintain your organization’s awareness to the highest level through simulations and online trainings.
Prepare for CPPA today
Complete the form and discuss with our experts how you can prepare for CPPA compliance today.