“For those who will for the first time be facing consumer data access requests under the CCPA, my advice is to get started now building automated systems when possible and human teams that can help you gather data and respond to requests in a timely manner because it takes longer and is more difficult than you might think,” says Rita Heimes of the IAPP, discussing experiences and lessons learned after one year implementing GDPR compliance.

Read Rita’s full piece for the International Association of Privacy Professionals.