A CCPA Vendor Assessor automatically assesses vendors for CCPA compliance. The tool guides the user through a series of questions to determine whether the processing of personal data falls within the scope of the CCPA's definition of a ‘sale’ of customer data, which includes any arrangement involving an exchange of value between the business and a third party for the personal information. Because of this broad definition and the strict requirements imposed by the CCPA (e.g. a “Do Not Sell My Personal Information” button on homepages, rights to opt out, etc.), conducting case-by-case due diligence when entering into agreements with vendors becomes increasingly important. In addition, the tool allows businesses to self-assess whether any exceptions, such as the ‘Service Provider’ exception, apply. It streamlines communication with third-party vendors and keeps an inventory of all provided vendor information. As a result, the tool generates a due diligence report that outlines any red flags or necessary next steps to complete the assessment. Its modular logic can easily be updated to accommodate changing laws and to provide tailored advice to businesses in line with their services, products and type of vendors.
As businesses are increasing their efforts to comply with the strict CCPA requirements, the assessment of vendors and their CCPA compliance is becoming a focal point. A vexing issue in conducting third-party due diligence is how to interpret the broad definition of ‘sale’ under the CCPA and how to determine whether specific exceptions are applicable. As a solution, businesses conduct case-by-case due diligence, which, due to the high volume of agreements and increasing complexity of the guidelines, is proving to be an onerous and time-consuming task. However, ensuring that vendors are fully CCPA compliant is also essential from a risk mitigation point of view, as infringements can lead to substantial statutory damages.
With BRYTER, law firms can build an automated CCPA Vendor Assessor to allow businesses to self-assess whether a vendor satisfies all requirements under the CCPA and whether any exceptions, such as the ‘Service Provider’ exception, apply. To start the assessment, the user is guided through a series of questions. These inputs determine the scope and obligations the particular vendor needs to comply with and whether these requirements are met. Due to the open architecture of the BRYTER platform, the embedded modular logic of the tool can easily be amended to account for any changes in the law and to provide a tailored solution for a specific business, its vendors, services and products.
How it works
Go through Q&A
Through a customizable and user-friendly questionnaire, all relevant information such as the type of personal data, the type of processing and the details of the agreement is gathered from the user. These inputs then determine which CCPA requirements apply to the particular vendor.
Case-by-case due diligence
A due diligence report is generated on a case-by-case basis using the provided information. This report not only outlines the due diligence result but also provides the user with next steps to ensure full CCPA compliance.
The open architecture of the BRYTER platform allows the application to be updated continuously in the background, ensuring that the generated advice is always compliant and up to date with any changes in the law.