CCPA Compliance: become compliant with the California Consumer Privacy Act

The Usercentrics Consent Management Platform (CMP) helps you to build user trust, grow revenues and meet CCPA and CPRA compliance requirements.
Desktop and mobile device with CCPA and CPRA ready badge
CCPA overview CCPA overview CPRA overview CPRA overview
User icon inside a lock

The CCPA and CPRA are extraterritorial, so it only matters if people whose data is being processed are located in California, not if the company processing the data is.

With the CPRA, California has added a new agency in the CPPA, specifically for privacy administration and enforcement.

Privacy compliance is now both a legal requirement and a necessity for brand trust. A consent management solution is a valuable tool to achieve and maintain privacy compliance.

Organizations must also notify consumers of their rights and complete the following in a timely manner upon receiving a request from a consumer:

  • provide consumers with the right to
  • opt -out of the sale of their personal data
  • request a copy of their personal data information
  • have their personal data deleted or updated it, if necessary.
  • Consumers have the right to object to (opt out of) the processing of their data at any time, otherwise companies can share or sell that personal data
  • Companies must provide a clear “Do not sell (or share) my personal information” link on their website
  • Companies must provide a clear, up to date description of consumers’ rights
  • Consumers have the right to know who collects or sells their data, how it’s used, and request it be deleted or not sold
Usercentrics shield checkmark logo
Global to granular grant or deny consent

What is Global Privacy Control?

Global Privacy Control (GPC) is an initiative to provide global standardization for user consent online. It’s compulsory for CCPA/CPRA compliance and would enable consumers to easily create a single set of personal data privacy consent preferences. These settings provide a clear signal of the user’s preferences to all websites or apps they visit, rather than requiring users to set new preferences on every site they visit. It would also help ensure that all regulatory requirements for data privacy are met.

This specification would not be dependent on specific technologies to work, facilitating innovation. It would benefit both businesses and consumers with streamlined privacy management and improved user experience.

Comply with relevant regulations and be prepared to do business globally. E.g. with the EU’s GDPR, Brazil’s LGPD, CCPA, South Africa’s POPIA and industry-specific solutions like the IAB TCF framework.

Our Consent Management Platform (CMP) is easy to set up, fully customizable and keeps you up to date with the latest tech and legal expertise. It integrates seamlessly with your website or app, as well as with your favorite third-party tools. Optimize interaction and consent rates to boost revenues, build trust and make smarter decisions and meet your data-driven goals.

Build trust with users by being transparent about data usage. Provide granular information and consent options for data processing services in use. Easily include the required “Do not sell my Personal Information” link for opt out. Ensure user preferences are stored and documented in compliance with the law.

Take advantage of the CMP’s customizability to continually optimize the UI. Benefit from features like A/B Testing, Preview and Publish, contextual consent and best-in-class Analytics. Improve user experience to increase interactions and consent rates.

“In order to be GDPR-compliant it was of great importance for us to carefully collect and document the consent of our website visitors. We initially had concerns that our relatively complex tag management would make the implementation more difficult. However, they were quickly dispelled.”
— Chief Digital Officer, Movinga GmbH

We enable you to achieve CCPA and CPRA compliance by providing the required privacy information on your website or app and enabling California residents to opt out of the processing of their data via a “Do Not Sell Or Share My Personal Information” link.

Contact our expert team

We’re happy to help answer questions about data privacy and the CCPA/CPRA. Learn about Usercentrics’ Consent Management Platform.

  • Doing business in California and unsure whether your business is compliant with privacy law?
  • Not sure how to achieve compliance or what your company’s specific responsibilities are?
  • Get in touch and learn how the Usercentrics Consent Management Platform can help you achieve CCPA and CPRA compliance.
  • Looking to partner with us?
Contact sales
Contact chat bubble at the bottom right corner of a chat illustration

Frequently asked questions

What happens if my company is not compliant with CCPA?

You risk fines, civil penalties, and reputational losses for failing to comply with CCPA. For an unintentional violation, you can be fined up to US $2,500 per violation. For an intentional violation, the fine is three times higher at US $7,500 per violation. Further, you could face class-action lawsuits, where, for example, affected users could be entitled to damages ranging between US $100 to $750 per person for a data breach. You could also lose revenue from user churn because of loss of trust and damage to your reputation.

What is the difference between GDPR and CCPA compliance for California residents?

While both the GDPR and CCPA protect user privacy and regulate how companies that collect user information handle this sensitive data, there are some differences in how they apply.
The GDPR applies to any organization that processes data from users in the EU, regardless of where the company is located. The CCPA only applies to organizations that process data from California residents.

Additionally, the company has to receive, process, or transfer data from 100,000 or more consumers or households in California per year, or have a gross annual revenue (in the previous year) exceeding US $25 million, or earn at least 50% annually from selling or sharing users’ data.

Like the GDPR, the company’s location has no bearing on whether the CCPA applies, if they are processing the personal data of California residents. Second, the GDPR requires that companies must have a legal basis for collecting user data, while the CCPA has no such requirement. Third, the GDPR requires explicit user consent before personal data can be collected and used. Users must actively opt in before a company can collect their data. The CCPA doesn’t require user consent to collect, process, or sell data. Instead, it requires users to opt out and request that their personal data not be collected or sold.. While the GDPR doesn’t require any explicit language in cookie consent banners or elsewhere, the CCPA requires companies to have a link titled “Do Not Sell Or Share My Personal Information” clearly visible on their website.