If you choose to do business in California, then you have 30 days to comply with the law once regulators notify you of a violation. Organizations that achieve compliance within the given timeframe can continue to operate as usual. Failure to reach compliance is a different story, as you may be fined up to $7,500 per record.
On the face of it, that fine doesn’t seem like much for a company. However, that impression changes when you realize how many records can be affected in a breach. Because the fine applies per record, it adds up quickly for the average data leak.
Additionally, there’s the danger of lawsuits. If a consumer sends notice to your company that they believe their privacy rights were violated, you have a 30-day window to fix the situation. If nothing is done after those 30 days and the attorney general declines to prosecute, that consumer can file a class action lawsuit.