The California Consumer Privacy Act (CCPA) isn’t set to take effect until January 1, 2020, and with an expected enforcement date of July 2020, you may be thinking you have plenty of time to get your privacy plan in place. However, the CCPA has a 12-month look back requirement. That means when a consumer makes a verifiable request to access their personal information, organizations are required to provide records covering the 12-month period preceding the date of the request – requiring your organization to have and maintain accurate records of a consumer’s personal information for at least 12 months prior to the effective date.  

Here are 5 simple steps your organization can take now to ensure you’re CCPA ready: 

1.Get Educated 

The first step to take toward compliance is to understand the CCPA. At a high level, the CCPA gives consumers – defined as natural persons residing in California – several rights with respect to the personal information businesses collect or sell about them. Personal information is defined very broadly as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  

The rights outlined in the CCPA will require companies to adapt their privacy programs to comply with the law. Some of these rights include: 

To learn more about the CCPA, check out our free CCPA resources 

2. Identify Your Internal “CCPA Team” 

Your internal CCPA team will depend on many factors including the size of your organization, industry, and available resources. But keep in mind that your CCPA team should have a clear understanding of the law and be well versed in your company processes and procedures around handling personal information. Also consider including individuals whose departments will be directly involved and impacted by the CCPA, like your marketing team, HR, and IT.  

3. Conduct a CCPA Readiness Assessment 

A Readiness Assessment is an integral part of your CCPA preparedness and can help you understand if your business and current privacy program can respond to the new CCPA requirements as well as identify areas where changes and/or new processes are needed. Further, a comprehensive readiness assessment, like the OneTrust Readiness Assessment available in the OneTrust Readiness & Accountability Tool, will help you identify the gaps. The OneTrust Tool also gives you the ability to create a data map, build a consumer rights portal, track consent, as well as manage vendors and incidents for compliance with CCPA. You can use OneTrust’s free CCPA Initial Planning Assessment to get started now. 

4. Prioritize Your Needs  

Once you have a clear idea of the areas within your privacy program that need to be created or adjusted, you can begin to prioritize your next steps accordingly. Many organizations adopt an incremental approach to their implementation, starting with a strong foundation to support compliance throughout the life of a privacy program. Having a clear understanding of how your organization plans to handle the intake and fulfillment of consumer rights requests, as well as understanding where personal information is distributed across your organization through a comprehensive data map, will be necessary steps in your CCPA compliance journey.  

5. Implement Your Privacy Program  

Now that your assessment is complete, and your priorities have been mapped out, you can begin implementing your CCPA privacy program. Like any regulation, there is an expectation that there will be updates to the rules issued in the CCPA, so keeping up with these regulatory changes is key to remaining CCPA compliant. This is an area where your internal CCPA team can assist by staying informed of any updates or changes to the law and working to adapt your privacy plan accordingly. Spend some time determining your internal processes for handling consumer requests and begin training your organization on best practices and expectations. You can also utilize OneTrust’s CCPA Professional Services for implementation support as well as post-implementation CCPA Validation.   

Regardless of the maturity of your privacy program, it’s never too soon to start planning for your CCPA readiness. OneTrust for CCPA is a full set of scalable solutions and services specifically designed to implement CCPA requirements and workflows to support a global privacy program. 

For additional information, or to request a live OneTrust Privacy Management Software demo, visit or email [email protected] 


Check out the first 2 blogs in our CCPA blog series: