California’s New Consumer Privacy Act will be going into effect in 2020 which will effectively give consumers more control over their private data. It is this new privacy law and others that will be implemented in the new year, that will impact online companies, especially those not prepared to comply with the new regulations.

If companies are in a mad scramble to comply with the new law, it’s likely because they don’t know where to start or don’t think it applies to their business. In fact, the law applies to anyone who collects information on at least 50 thousand California residents. If you have a website that’s had visits from that many California residents, the law no doubt covers you even if you operate outside of the state. A good place to start is to map out what data you collect through your website and mobile apps, which can reach and collect data on thousands of consumers and how. The latter will require knowing who your digital vendors are—ie, those who provide code for or host your payment page, those who deliver ads, or those whose widgets enable visitors to share or like your content, among others. These digital vendors, their own third parties, and their activities are often unknown to you and present avoidable risks like data breaches and abuses that can be fatal to the business. If you choose to take on this risk and you suffer a data breach, California residents can bring a private right of action against the business, to the tune of up to $750 per consumer. The key is to identify and manage these preventable risks, rather than normalize them.