ISO Certification in Saudi Arabia in the wake of the increasing concerns over privacy protection, the U.S. state of California passed a new regulation at the end of June of this year to ensure the protection of Californian consumers. Coming into force by January 1, 2020, this law requires new levels of commitment by organizations regarding the handling of information, including severe penalties for non-compliance and security breaches, this article will show how ISO certification in Saudi Arabia, the leading standard for Information Security Management Systems (ISMS), can be used to ensure compliance with the clauses of this new regulation.
What is the CCPA?
The California Consumer Privacy Act (CCPA) is a U.S. regulation, from the state of California, related to the processing of personal data of California residents. This regulation has some resemblance to the European Union General Data Protection Regulation (EU GDPR), but while it doesn’t have some of the EU GDPR’s most onerous requirements, in other respects it goes even further.
Broadly speaking, the CCPA introduces:
- consumers’ right to know what personal information is being collected;
- consumers’ right to know whether their personal information is sold or disclosed, and to whom;
- consumers’ right to say no to the sale of their personal information;
- consumers’ right to access their personal information;
- consumers’ right to equal service and price, even if they exercise their privacy rights;
- broad definitions of “consumer” (clause 140(g)) and “personal information” (clause 1798.140(o)(1)) and, at the same time, limits to exclusion conditions;
- multiple thresholds to define who must comply with it.
Who must comply with the CCPA?
ISO consultant in Saudi Arabia If your organization falls under any one of the three thresholds described below, it must comply with the CCPA: companies with annual gross revenues of $25 million per year; companies that obtain the personal information of 50,000 or more California residents, households, or devices annually; or companies receiving 50 percent or more of their annual revenue from selling California residents’ personal information. Fees for failure to comply with the CCPA may vary from $2,500 per unintentional violation up to $7,500 per intentional violation of any provision of this regulation. Regarding data breaches, the fee can be between $100 and $750 per California resident per incident, or actual damages, whichever is greater.
What is the ISO Certification in Saudi Arabia?
ISO in Saudi Arabia is the ISO standard that describes how to manage information security in an organization. It consists of 10 clauses in the main part of the standard, and 114 security controls grouped into 14 sections in Annex A. ISO 27001:2013 clauses from the main part of the standard are:
4 – Context of the organization
5 – Leadership
6 – Planning
7 – Support
8 – Operation
9 – Performance evaluation
10 – Continual improvement
ISO Services in Saudi Arabia Annex A covers controls related to organizational structure (both physical and logical), human resources, information technology, supplier management, etc. For detailed information, read: What is ISO Services in Saudi Arabia? and an overview of ISO 27001:2013 Annex A.
Will compliance with the EU GDPR help comply with the CCPA?
Although the CCPA resembles the GDPR, just expanding your coverage of EU GDPR measures is not enough to ensure compliance with the CCPA. These are some examples: The CCPA prescribes disclosures, communication channels, and other concrete measures that are not required by the EU GDPR. The CCPA imposes more rigid restrictions on data sharing for commercial purposes than does the EU GDPR.
ISO Implementation in Saudi Arabia: A solid basis for privacy protection
First published in 2005, and revised in 2013, ISO 27001 is a seasoned standard with successful cases of integration with other laws such as Sarbanes Oxley, U.S. DFARS 7012, and the EU GDPR, with this last one being the most similar to the CCPA By adopting ISO Implementation in Saudi Arabia practices to support CCPA compliance, organizations working with California citizens’ data can benefit from a systematic way to ensure and demonstrate the effectiveness of the security controls and procedures related to privacy protection. They can also benefit from review activities to improve security measures when and where necessary.
How to get ISO Certification in Saudi Arabia?
Are you looking to get the new version of ISO Certification in Saudi Arabia? Certvalue is Having Top Consultant to give ISO Services in Saudi Arabia.it helps the organization to meet its Customer Requirements. After getting Certified under ISO Services in Saudi Arabia it helps to get more income and business for new customers. We are the top Certvalue Service provider for each one of your necessities. Feel free to send an inquiry to certvalue.com