6 steps to make your website CCPA-compliant today

6 steps to make your website CCPA-compliant today

For companies doing business with residents of California, CCPA and CPRA compliance are required. Here’s how to protect your business.
by Usercentrics
Apr 9, 2020
6 steps to make your website CCPA-compliant today
Table of contents
Show more Show less
Book a demo
Learn how our consent management solution can improve privacy and user experience for your users.
Get your free data privacy audit now!

Updated on

If your company does business with residents of California, you have to comply with the CCPA regulation in order to avoid hefty fines, which can be US $7,500 per willful violation. With the CPRA coming into effect January 1st, 2023, there are additional regulatory responsibilities. But does this include you?

 

If you run a for-profit company, you’re obligated to comply with the CCPA if your business:

  • receives, processes, or transfers data from over 50,000 Californians per annum
  • gross annual revenue exceeds US $25 million

or

  • at least 50% of your annual revenue comes from selling data belonging to Californians

Under the CPRA, these obligations have changed. Now a business needs to meet one or more of these thresholds:

  • Receives, processes, or transfers data from 100,000 or more consumers or households in California per annum (also no longer includes “devices”)
  • Annual gross revenues from the preceding calendar year exceeding US $25 million
  • At least 50% of annual revenue comes from selling or sharing data belonging to Californians

While it may be confusing for many to make entirely sure that a website is completely compliant with California’s privacy laws, we have compiled a checklist for website providers to stay on top of CCPA and CPRA regulations.

CCPA/CPRA Compliance Checklist

1. Include a descriptive data privacy policy

 

Does it include all relevant information? The CCPA/CPRA require website providers to be transparent with the type of data they collect from users, such as:

  • What kind of information you collect and process
  • Why you collect and process this information
  • How do you collect and process this information
  • The methods for users to to request access, change, move, or have their personal data deleted
  • The method for verifying the identity of the person who submits a request
  • Sale or sharing information for users’ personal data and how they can opt out of their data being sold or shared (requires the website to have a clear “Do Not Sell Or Share My Personal Information” link)

2. Right to Disclosure

 

If you sell or share information about consumers who are protected by the CCPA or CPRA, you must inform them before data collected about them is shared with third parties or sold. This can be done through the use of a consent management banner or pop-up when the user visits your site.

 

 

The CCPA and CPRA require obtaining prior consent from consumers before selling or sharing their personal information. Obtain consent directly from visitors that are over age 13 (includes minors 13 to 16 years old), or from parents or legal guardians if they are under 13. Also understand what is now classified as “sensitive” personal information and how it must be handled.

 

 

This link must be made clearly available on your website homepage, and can be done via the use of a CMP.

 

5. Make sure that users can contact you

 

The CCPA/CPRA grants your California users the rights to:

  • access the personal data you have collected from them or ask questions about its use
  • request changes or corrections to their data
  • request and receive a copy of their data to move it somewhere else
  • opt out of the sharing or sale of their data or the use of automated decision-making technologies with it
  • limit the use and disclosure of sensitive personal information
  • have it deleted, and
  • experience no retaliation following an opt-out or exercising of other rights

 

You have a duty to provide a straightforward means for submitting such requests, as well as the requirement to respond to them promptly.

 

6. Set up a system for identity verification for users submitting requests

 

If a business cannot reasonably verify the consumer’s identity to an appropriate degree of certainty, it must inform the consumer and explain why the request could not reasonably be verified or fulfilled.

 

Learn more about the full requirements of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

 

Ensure that your website has a comprehensive and transparent privacy policy that informs users about the collection of their personal data, and enables them to opt out of its sharing or sale.

 

To be compliant with the CCPA, websites must also honor the Global Privacy Control (GPC) signal, which enables website visitors to set their privacy and consent preferences once and have them respected on all sites they visit.

 

A consent management platform enables privacy compliance with the CCPA, CPRA, and more regulations, and ideally respects the GPC signal, as the Usercentrics Consent Management Platform does.

 

Get in touch with one of our experts to get answers to your CCPA and CPRA questions.

 

*Usercentrics does not provide legal advice. To ensure your compliance with the CCPA, CPRA or other regulations, consult qualified legal counsel and review your privacy compliance operations regularly.

Home Resources Article 6 steps to make your website CCPA-compliant today

Related Articles

Japan Act on the Protection of Personal Information (APPI): An Overview

Japan Act on the Protection of Personal Information (APPI): An Overview

Japan has had data privacy laws for two decades. The APPI has notable differences from the GDPR, and was...

How to benefit from consent-based marketing

How to benefit from consent-based marketing

Data privacy continues to be a top priority for companies, as consumers increasingly want transparency and choice over...

How can we help you?
Do you want to know more about data privacy and consent management? Or get started with our Consent Management Solution right away.
Do you want to know more about data privacy and consent management?
Discover our blog for a deep dive on the latest industry news.
How can we help you?
Get started with our intelligent Consent Management solution right away. Or talk to one of our experts to help you find the right setup for your needs.