A CCPA Vendor Assessor automatically assesses vendors for CCPA compliance. The tool guides the user through a series of questions to determine whether the processing of personal data falls within the scope of the definition of ‘sale’ regarding customer data, which includes any arrangement involving an exchange of value between the business and a third party for the personal information. Due to this broad definition and the strict requirements imposed by the CCPA (e.g. “Do Not Sell My Personal Information” button on homepages, rights to opt out, etc.), conducting case-by-case due diligence when entering into agreements with vendors becomes increasingly important. In addition, the tool allows businesses to self-assess whether any exceptions, such as the ‘Service Provider’ exception, apply. It streamlines the communication with third-party vendors and keeps an inventory of all provided vendor information. As a result, the tool generates a due diligence report that outlines any red flags or necessary next steps to complete the assessment. Its modular logic can easily be updated to accommodate changing laws and to provide tailored advice to businesses in line with their services, products and type of vendors.

Background

As businesses are increasing their efforts to comply with the strict CCPA requirements, the assessment of vendors and their CCPA compliance is becoming a focal point. A vexing issue in conducting third-party due diligence is how to interpret the broad definition of ‘sale’ under the CCPA and how to determine whether specific exceptions are applicable. As a solution, businesses conduct case-by-case due diligence, which, due to the high volume of agreements and increasing complexity of the guidelines, is proving to be an onerous and time-consuming task. However, ensuring that vendors are fully CCPA compliant is also essential from a risk mitigation point of view, as infringements can lead to substantial statutory damages.

With BRYTER, law firms can build an automated CCPA Vendor Assessor to allow businesses to self-assess whether a vendor satisfies all requirements under CCPA and whether any exceptions, such as the ‘Service Provider’ exception, apply. To start the assessment, the user is guided through a series of questions, and these inputs determine the scope and obligations the particular vendor needs to comply with and whether these requirements are met. Due to the open architecture of the BRYTER platform, the embedded modular logic of the tool can easily be amended to account for any changes in the law and to provide a tailored solution for a specific business, its vendors, services and products.

Benefits

Automated & Standardized

A CCPA Vendor Assessor allows companies to auto-assess their vendors against CCPA requirements with regard to the type of data processing involved. This ensures a consistent approach and documentation.

Integrated

A CCPA Vendor Assessor can easily be integrated into an existing IT infrastructure so that users can, for example, access the tool via a client portal or within their company’s intranet.

Centralized audit trail

Within a CCPA Vendor Assessor, all collected vendor information, due diligence results and next steps are tracked and documented in a centralized audit trail. This allows businesses to prove and document compliance efforts, if needed.

Highly customizable

As every application built on BRYTER is customizable, a CCPA Vendor Assessor may contain guidance for businesses of all sizes and can easily be updated to accommodate changing laws.  

How it works

1. Go through Q&A

Through a customizable and user-friendly questionnaire, all relevant information such as the type of personal data, the type of processing and the details of the agreement is gathered from the user. These inputs then determine which CCPA requirements apply to the particular vendor.

2. Case-by-case due diligence

A due diligence report is generated on a case-by-case basis using the provided information. This report not only outlines the due diligence result but also provides the user with next steps to ensure full CCPA compliance.

3. Keep up-to-date

The open architecture of the BRYTER platform allows the application to be updated continuously in the background ensuring that the generated advice is always compliant and up-to-date with any changes in the law.