The California Consumer Privacy Act (CCPA) isn’t set to take effect until January 1, 2020, and with an expected enforcement date of July 2020, you may be thinking you have plenty of time to get your privacy plan in place. However, the CCPA has a 12-month look back requirement. That means when a consumer makes a verifiable request to access their personal information, organizations are required to provide records covering the 12-month period preceding the date of the request – requiring your organization to have and maintain accurate records of a consumer’s personal information for at least 12 months prior to the effective date. Here are 5 simple steps to CCPA readiness that your organization can take now:

1. Get Educated

The first step towards CCPA readiness is to understand the CCPA. At a high level, the CCPA gives consumers – defined as natural persons residing in California – several rights with respect to the personal information businesses collect or sell about them. Personal information is defined very broadly as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

The rights outlined in the CCPA will require companies to adapt their privacy programs to comply with the law. Some of these rights include:

  • Right to request information
  • Right to opt out of the sale of your personal information
  • Right to have your personal information deleted
  • Right to be informed that personal information is being disclosed or sold

To learn more about the CCPA, check out our free CCPA resources.

2. Identify Your Internal “CCPA Team”

Your internal CCPA team will depend on many factors including the size of your organization, industry, and available resources. But keep in mind that your CCPA team should have a clear understanding of the law and be well versed in your company processes and procedures around handling personal information. Also consider including individuals whose departments will be directly involved and impacted by the CCPA, like your marketing team, HR, and IT.

3. Conduct a CCPA Readiness Assessment

A Readiness Assessment is an integral part of your CCPA preparedness and can help you understand if your business and current privacy program can respond to the new CCPA requirements as well as identify areas where changes and/or new processes are needed. Further, a comprehensive readiness assessment, like the OneTrustReadiness Assessment available in the OneTrustReadiness & Accountability Tool, will help you identify the gaps. The OneTrustTool also gives you the ability to create a data map, build a consumer rights portal, track consent, as well as manage vendors and incidents for compliance with CCPA.

4. Prioritize Your Needs

Once you have a clear idea of the areas within your privacy program that need to be created or adjusted, you can begin to prioritize your next steps accordingly. Many organizations adopt an incremental approach to their implementation, starting with a strong foundation to support compliance throughout the life of a privacy program. Having a clear understanding of how your organization plans to handle the intake and fulfillment of consumer rights requests, as well as understanding where personal information is distributed across your organization through a comprehensive data map, will be necessary in your steps to CCPA readiness.

5. Implement Your Privacy Program

Now that your assessment is complete, and your priorities have been mapped out, you can begin implementing your CCPA privacy program. Like any regulation, there is an expectation that there will be updates to the rules issued in the CCPA, so keeping up with these regulatory changes is key to remaining CCPA compliant. This is an area where your internal CCPA team can assist by staying informed of any updates or changes to the law and working to adapt your privacy plan accordingly. Spend some time determining your internal processes for handling consumer requests and begin training your organization on best practices and expectations. You can also utilize OneTrust’sCCPA Professional Services for implementation support as well as post-implementation CCPA Validation.

Regardless of the maturity of your privacy program, it’s never too soon to start planning for your CCPA readiness. OneTrustfor CCPA is a full set of scalable solutions and services specifically designed to implement CCPA requirements and workflows to support a global privacy program.

For additional information, or to request a live OneTrustPrivacy Management Software demo, visit OneTrust.comor email [email protected]


  • Learn moreabout OneTrustfor CCPA
  • Download the whitepaper: How OneTrustHelps: California Consumer Privacy Act (CCPA)
  • Download the free OneTrustCCPA Mobile App from the App Store and Google Play

Check out the first 2 blogs in our CCPA blog series: