CCPA Compliance: become compliant with the California Consumer Privacy Act

The Usercentrics Consent Management Platform (CMP) helps you to build user trust, grow revenues and meet CCPA and CPRA compliance requirements.

Get started

What is the difference between CCPA and CPRA?

The CCPA was the first state-level privacy law in the United States, implemented on July 1, 2020. It has been influential on subsequent laws in other states. The CPRA, which came into effect in California on January 1, 2023, significantly expands the CCPA and is designed to work in tandem.
CCPA and CPRA compliance applies to companies:
• with at least US $25 million annual gross revenue, or
• that derive more than 50% of their annual revenues from the sale or sharing
of personal data, or
• that process personal data of at least 100,000 California residents for commercial purposes (under the CCPA it was 50,000).
The CPRA modifies and expands consumers’ rights, will also cover B2B data, and sees the establishment of the California Privacy Protection Agency (CPPA).

CCPA overview

CPRA overview

VALUING PRIVACY

The CCPA and CPRA are extraterritorial, so it only matters if people whose data is being processed are located in California, not if the company processing the data is.

With the CPRA, California has added a new agency in the CPPA, specifically for privacy administration and enforcement.

Privacy compliance is now both a legal requirement and a necessity for brand trust. A consent management solution is a valuable tool to achieve and maintain privacy compliance.

Organizations must also notify consumers of their rights and complete the following in a timely manner upon receiving a request from a consumer:

provide consumers with the right to
opt -out of the sale of their personal data
request a copy of their personal data information
have their personal data deleted or updated it, if necessary.

ACHIEVING COMPLIANCE

Consumers have the right to object to (opt out of) the processing of their data at any time, otherwise companies can share or sell that personal data
Companies must provide a clear “Do not sell (or share) my personal information” link on their website
Companies must provide a clear, up to date description of consumers’ rights
Consumers have the right to know who collects or sells their data, how it’s used, and request it be deleted or not sold

PRIVACY INNOVATION

What is Global Privacy Control?

Global Privacy Control (GPC) is an initiative to provide global standardization for user consent online. It’s compulsory for CCPA/CPRA compliance and would enable consumers to easily create a single set of personal data privacy consent preferences. These settings provide a clear signal of the user’s preferences to all websites or apps they visit, rather than requiring users to set new preferences on every site they visit. It would also help ensure that all regulatory requirements for data privacy are met.

This specification would not be dependent on specific technologies to work, facilitating innovation. It would benefit both businesses and consumers with streamlined privacy management and improved user experience.

Obtain user consent correctly

Comply with relevant regulations and be prepared to do business globally. E.g. with the EU’s GDPR, Brazil’s LGPD, South Africa’s POPIA and industry-specific solutions like the IAB TCF 2.2 framework.

Seamless integration

Our Consent Management Platform (CMP) is easy to set up, fully customizable and keeps you up to date with the latest tech and legal expertise. It integrates seamlessly with your website or app, as well as with your favorite third-party tools. Optimize interaction and consent rates to boost revenues, build trust and make smarter decisions and meet your data-driven goals.

Build user trust

Build trust with users by being transparent about data usage. Provide granular information and consent options for data processing services in use. Easily include the required “Do not sell my Personal Information” link for opt out. Ensure user preferences are stored and documented in compliance with the law.

Increase consent rates

Take advantage of the CMP’s customizability to continually optimize the UI. Benefit from features like A/B Testing, Preview and Publish, contextual consent and best-in-class Analytics. Improve user experience to increase interactions and consent rates.

Choose the right CCPA / CPRA compliance solution for your business

We enable you to achieve CCPA and CPRA compliance by providing the required privacy information on your website or app and enabling California residents to opt out of the processing of their data via a “Do Not Sell Or Share My Personal Information” link.

Get started

YOUR QUESTIONS ANSWERED

Contact our expert team

We’re happy to help answer questions about data privacy and the CCPA/CPRA. Learn about Usercentrics’ Consent Management Platform.

Doing business in California and unsure whether your business is compliant with privacy law?
Not sure how to achieve compliance or what your company’s specific responsibilities are?
Get in touch and learn how the Usercentrics Consent Management Platform can help you achieve CCPA and CPRA compliance.
Looking to partner with us? Get in touch here.

Contact an expert

“In order to be GDPR-compliant it was of great importance for us to carefully collect and document the consent of our website visitors. We initially had concerns that our relatively complex tag management would make the implementation more difficult. However, they were quickly dispelled.”

Dennis GneussChief Digital Officer, Movinga GmbH

“Short implementation of 7 days for our first site. We can rollout templates with already defined consent technologies, so we stay concentrated on the real issues which bring us further.”

Larissa WißmannHead of Digital Enterprise Services, Haufe Group

“It’s super easy to use with an intuitive dashboard. You can customise the CMP with just a few clicks. A/B testing is easily setup. Legal texts are up to date which saved me a lot of time. ”

Tilman PfeifferInternational Expansion Small-Business

“We were looking for a tool that allows us to easily and conveniently implement GDPR compliance when using tracking and services on our website. Usercentrics was the ideal solution to find this as the tool covers all essential features and makes it possible for businesses to stay compliant without any hassle”

Michael SchmitzEntrepreneur In Residence, EMIL Group

Learn more

Scan your Website for
Cookies and Services

Free Data Privacy Audit

CCPA/CPRA
Checklist

Download Checklist

5 steps to make your website
CCPA/CPRA-compliant today

Read article

Frequently asked questions

What happens if my company is not compliant with CCPA?

You risk fines, civil penalties, and reputational losses for failing to comply with CCPA. For an unintentional violation, you can be fined up to US $2,500 per violation. For an intentional violation, the fine is three times higher at US $7,500 per violation. Further, you could face class-action lawsuits, where, for example, affected users could be entitled to damages ranging between US $100 to $750 per person for a data breach. You could also lose revenue from user churn because of loss of trust and damage to your reputation.

What is the difference between GDPR and CCPA compliance for California residents?

While both the GDPR and CCPA protect user privacy and regulate how companies that collect user information handle this sensitive data, there are some differences in how they apply.

The GDPR applies to any organization that processes data from users in the EU, regardless of where the company is located. The CCPA only applies to organizations that process data from California residents.

Additionally, the company has to receive, process, or transfer data from 100,000 or more consumers or households in California per year, or have a gross annual revenue (in the previous year) exceeding US $25 million, or earn at least 50% annually from selling or sharing users’ data.

Like the GDPR, the company’s location has no bearing on whether the CCPA applies, if they are processing the personal data of California residents. Second, the GDPR requires that companies must have a legal basis for collecting user data, while the CCPA has no such requirement. Third, the GDPR requires explicit user consent before personal data can be collected and used. Users must actively opt in before a company can collect their data. The CCPA doesn’t require user consent to collect, process, or sell data. Instead, it requires users to opt out and request that their personal data not be collected or sold.. While the GDPR doesn’t require any explicit language in cookie consent banners or elsewhere, the CCPA requires companies to have a link titled “Do Not Sell Or Share My Personal Information” clearly visible on their website.