CCPA Compliance: become compliant with the California Consumer Privacy Act

VALUING PRIVACY
The CCPA and CPRA are extraterritorial: what matters is whether the people whose data is being processed are located in California, not whether the company processing the data is.
With the CPRA, California has added a new agency in the CPPA, specifically for privacy administration and enforcement.
Privacy compliance is now both a legal requirement and a necessity for brand trust. A consent management solution is a valuable tool to achieve and maintain privacy compliance.
Organizations must also notify consumers of their rights and complete the following in a timely manner upon receiving a request from a consumer:
ACHIEVING COMPLIANCE
PRIVACY INNOVATION
Global Privacy Control (GPC) is an initiative to provide global standardization for user consent online. It’s compulsory for CCPA/CPRA compliance and would enable consumers to easily create a single set of personal data privacy consent preferences. These settings provide a clear signal of the user’s preferences to all websites or apps they visit, rather than requiring users to set new preferences on every site they visit. It would also help ensure that all regulatory requirements for data privacy are met.
This specification would not be dependent on specific technologies to work, facilitating innovation. It would benefit both businesses and consumers with streamlined privacy management and improved user experience.
We enable you to achieve CCPA and CPRA compliance by providing the required privacy information on your website or app and enabling California residents to opt out of the processing of their data via a “Do Not Sell Or Share My Personal Information” link.
YOUR QUESTIONS ANSWERED
We’re happy to help answer questions about data privacy and the CCPA/CPRA. Learn about Usercentrics’ Consent Management Platform.
“In order to be GDPR-compliant it was of great importance for us to carefully collect and document the consent of our website visitors. We initially had concerns that our relatively complex tag management would make the implementation more difficult. However, they were quickly dispelled.”
“Short implementation of 7 days for our first site. We can roll out templates with already defined consent technologies, so we stay concentrated on the real issues which bring us further.”
“It’s super easy to use with an intuitive dashboard. You can customise the CMP with just a few clicks. A/B testing is easily set up. Legal texts are up to date which saved me a lot of time.”
“We were looking for a tool that allows us to easily and conveniently implement GDPR compliance when using tracking and services on our website. Usercentrics was the ideal solution to find this as the tool covers all essential features and makes it possible for businesses to stay compliant without any hassle.”
What happens if my company is not compliant with CCPA?
You risk fines, civil penalties, and reputational losses for failing to comply with CCPA. For an unintentional violation, you can be fined up to US $2,500 per violation. For an intentional violation, the fine is three times higher at US $7,500 per violation. Further, you could face class-action lawsuits, where, for example, affected users could be entitled to damages ranging from US $100 to $750 per person for a data breach. You could also lose revenue from user churn because of loss of trust and damage to your reputation.
What is the difference between GDPR and CCPA compliance for California residents?
While both the GDPR and CCPA protect user privacy and regulate how companies that collect user information handle this sensitive data, there are some differences in how they apply.
The GDPR applies to any organization that processes data from users in the EU, regardless of where the company is located. The CCPA only applies to organizations that process data from California residents.
Additionally, the company has to receive, process, or transfer data from 100,000 or more consumers or households in California per year, or have a gross annual revenue (in the previous year) exceeding US $25 million, or earn at least 50% of its annual revenue from selling or sharing users’ data.
As with the GDPR, the company’s location has no bearing on whether the CCPA applies if it is processing the personal data of California residents. Second, the GDPR requires companies to have a legal basis for collecting user data, while the CCPA has no such requirement. Third, the GDPR requires explicit user consent before personal data can be collected and used. Users must actively opt in before a company can collect their data. The CCPA doesn’t require user consent to collect, process, or sell data. Instead, it requires users to opt out and request that their personal data not be collected or sold. While the GDPR doesn’t require any explicit language in cookie consent banners or elsewhere, the CCPA requires companies to have a link titled “Do Not Sell Or Share My Personal Information” clearly visible on their website.