CHAPTER 4: ROLES IN THE CPRA: BUSINESSES, BUSINESS PURPOSE, AND SERVICE PROVIDER
Considerable attention has already been given to what constitutes a “business” under the CPRA. As explained, “business” describes covered entities, those organizations primarily responsible for complying, and demonstrating compliance with the CPRA. This responsibility largely hinges on which organization in the data supply chain collects personal information, or directs the means and/or purposes for processing the information. This is similar to the GDPR’s understanding of a “data controller.”
Under the GDPR, there are both “data controllers” and “data processors.” Data processors process personal information on behalf of the data controller, usually based on explicit ...
Get The California Privacy Rights Act (CPRA) – An implementation and compliance guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.