• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Coming to America? California Passes GDPR Copycat Bill

GDPR only went into effect in late May, but it’s already inspired like-minded data privacy legislation on this side of the Atlantic. California, America’s technological heartland, recently signed off on a law that will give consumers greater control over their personal data. Much like GDPR before it, the new law’s impact could be widespread.

While not as vast as the European Union’s GDPR, California’s Consumer Privacy Act of 2018 – which goes live on January 1, 2020 – ranks as the strictest on the books in the United States. The legislation will force companies to disclose what information they’re collecting, how they’re using it, and who can access it. Moreover, it puts control back in the hands of citizens. People can decide if they want to share their information or if they want companies to delete stored personal data outright.

The California Consumer Privacy Act of 2018 applies to for-profit companies doing business in the state that collect consumer information, provided they meet any of the following criteria:

  • Exceed $25 million in gross revenue
  • Handle personal data of 50,000 or more people, devices, or households
  • Earn 50% of their annual revenue from selling consumer information

Businesses beholden to the California Consumer Privacy Act of 2018 who suffer a data breach could pay a hefty price. The law sets the minimum damages at $100 and the maximum at $750 per incident (or actual damages, whichever is greater). It’s not hard to imagine, even at that minimum level, some astronomical payments resulting from this new law – especially considering the size and scope of recent breaches.

It may make for some newfound compliance headaches; however, the California Consumer Privacy Act of 2018 is actually something of a best-case scenario for businesses. The law cut a speedy route through California’s legislature to head off a ballot initiative promising serious compliance migraines. Even though it’s not ideal from the business perspective, the Consumer Privacy Act apparently allows for far more flexibility than California’s voters would have come November.

Next steps: Get out in front of compliance challenges

January 1, 2020 will be here before you know it. Although, even if this particular piece of legislation doesn’t apply to your business, the clock is still ticking. Regulations such as GDPR and the California Consumer Privacy Act of 2018 are likely only the beginning. People want more power over their data and governments are always eager to find new sources of revenue. In that regard, it’s a match made in heaven. It’s up to businesses to figure out how to continue operating effectively to avoid a place in the crosshairs.

Looking for help navigating the increasingly complex web of cyber security regulations? Arraya Solutions has real world compliance and security experience at the C-Level. Our team will work closely with onsite IT and organizational leadership to diagnose compliance risks, devise a strategy on how to alleviate those hazards, and then execute on that plan. Start a conversation with our team of experts today by visiting: https://www.arrayasolutions.com//contact-us/.

As always, you can leave us a comment on this or any of our blogs through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. Once you’ve let us know what you think, follow us to stay updated on our industry insights and learning opportunities.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}