For a less conservative take, here are the Ten Commandments of California Consumer Privacy Act Compliance:
• Thou shalt make for yourself a person overseeing privacy compliance in thine corporation.
• Thou shalt map thy data so thou knowest what it is, wherefrom it cometh and where it is shared.
• Thou shalt keep thy service providers close and thy third parties closer and revise thine own agreements with them.
• Thou shalt recognize thy consumers and grant them rights to access information, delete information or opt out of a sale.
• Thou shalt guard thy personal information like the apple of thine eye.
• Thou shalt protect thy data from invasion and notify those affected.
• Thou shalt train thy employee in the ways of the CCPA.
• Thou shalt revise thine privacy notices and let there be four (notice of collection, notice of opt out, notice of financial incentives (if any) and privacy policy).
• Thou shalt set in stone thine policies and procedures.
• Thou shalt revise policies and procedures to demonstrate thy compliance.
[View source.]
