How Prepared are Organizations for the CCPA?

Read the OneTrust & IAPP Benchmarking Report

Download Now

About the CCPA

The California Consumer Privacy Act (CCPA) introduces new rights for California residents – forcing companies that conduct business in the State of California to implement structural changes to their privacy programs or face non-compliance.

The CCPA will take effect on January 1, 2020. This may appear to give your organization time to prepare. However, the law has a “look back” requirement - requiring organizations to provide records covering the 12-month period preceding the date of a consumer's request to access their personal information. As a result, many organizations are making necessary CCPA operational changes and leveraging the new law as a stepping stone to building a comprehensive privacy program. 

A Strong Foundation for CCPA Compliance

Privacy Management

Utilize OneTrust’s innovative technology products to tackle CCPA compliance

Research & Resources

Access OneTrust’s library of free resources to help your team prepare for the CCPA

Professional Services

OneTrust’s expert consulting services help you understand your CCPA readiness


Network of CCPA privacy professionals and workshops across the globe

How OneTrust Helps

With OneTrust, your organization can take a holistic approach to CCPA compliance by leveraging a comprehensive suite of tools, each offering CCPA-specific functionality. By leveraging internal governance tools as well as consumer-facing tools, your organization can pinpoint where personal data resides and how it is used; streamline your ability to act when consumers exercise their rights to information and deletion; and manage opt outs relating to the sale of  personal information. The OneTrust platform directly addresses CCPA requirements and sets organizations on the right trajectory for supporting a global privacy program.

OneTrust for CCPA

Recommended CCPA Solutions to Build Your Program

CCPA Research &
Readiness Tools
CCPA “Do Not Sell” &
“Consumer Rights”
CCPA Privacy Governance
CCPA Consumer
Research Portal
Research the CCPA

And keep track of latest developments and guidance

Consumer Rights
Fulfill Consumer Rights

Intake & Fulfillment of "Do Not Sell", Consumer Information, Deletion Requests

Data Inventory
& Mapping
Map CCPA Dataflows

For California consumer data flows and meet CCPA "Look Back" Requirements

Incident &
Breach Response
Meet California/US Breach Notification Rules

300+ International and State Regulations built-in

Track Verifiable Consent

Sync Consent Across Systems To Avoid Unauthorized Sale of Consumer Data

Global Readiness &
Benchmark CCPA readiness

To identify gaps, project plan, and provide executive reports

Cookie Consent &
Website Scanning
"Do Not Sell" for Websites

Provide opt-out for advertising and data collection cookies on website

CCPA-Based PIAs & PbD

To verify ongoing processes meet CCPA requirements and keep data map updated

Vendor Risk
Verify Vendors Meet CCPA

Assess Vendors and Efficiently Navigate “Cure” Periods

Centralize Consumer Preferences

Drive Consumer Engagement With Configurable Preference Centers

Whitepaper: How OneTrust Helps with the CCPA 

Download Now

OneTrust Internal Governance Tools for CCPA Compliance

Privacypedia™ by OneTrust 

Due to the evolving nature of global privacy law, you should look to an organized, comprehensive research tool that keeps pace with frequent regulatory change and explains how privacy laws affect your organization. Use Privacypedia™ by OneTrust to access a centralized resource aggregator that includes the full CCPA text, as well as summaries, comprehensive guides, and regulatory guidance. Privacypedia™ is continually updated by the OneTrust global research team and includes the latest amendments, news, and guidance

Readiness & Accountability Tool 

The OneTrust Readiness & Accountability tool is an easy way to track your overall CCPA readiness and offers a definitive path to compliance. With the OneTrust Readiness & Accountability tool, leverage a research-backed CCPA readiness questionnaire, which helps assess your organization's CCPA gaps and offers remediation recommendations to minimize risks. 

Data Inventory & Mapping 

OneTrust Data Inventory & Mapping technology is a core asset for those seeking to prepare for the CCPA. CCPA-specific data elements built into OneTrust help your organization track key attributes when mapping data for CCPA compliance. Additionally, leverage bulk importing capabilities to attach CCPA-specific data elements to existing data. 

Assessment Automation 

Assessments are core to the development of every comprehensive privacy program. OneTrust Assessment Automation offers updated, CCPA-specific PIAs to adhere to data minimization and purpose limitation considerations outlined under the CCPA. With Assessment Automation, take advantage of automated CCPA-specific risk flagging and research-backed remediation recommendations. 

Vendor Risk Management

With OneTrust Vendor Risk Management, your organization can better understand which vendors have access to your consumers’ data. Leverage OneTrust Vendor Risk Management to communicate with third-party vendors to meet consumer requests for data access and deletion. Additionally, generate visuals to map vendors and data flows state by state and around the world. 

Incident & Breach Response 

Taking a proactive approach to incident and breach response, regardless of which data breach notification or privacy laws apply, helps decrease risks and other potential negative impacts should a breach occur. OneTrust Incident & Breach Response enables your organization to analyze incidents with a built-in, California Data Breach Notification assessment template. With customizable workflows, streamline response and quickly remedy a violation within the CCPA's 30-day cure period. 

OneTrust Consumer Facing Tools for CCPA Compliance

Consumer Rights Management 

The OneTrust Consumer Rights Management tool is equipped to streamline the intake and fulfillment of requests for information, a new consumer right under the CCPA. The CCPA stipulates a 45-day response timeline for consumer data requests. With OneTrust, intake consumer rights requests and leverage CCPA-specific response workflows to help your organization respond to requests appropriately, and with built-in exception handling, reduce unnecessary work. 

Consent & Preference Management 

Under the CCPA, the right to opt out of the sale of personal information extends beyond the consumer to include devices and households. Via OneTrust, track do not sell requests by consumers, devices and households.  

Cookie Consent & Website Scanning 

Personal information under the CCPA is broadly defined and includes internet or other electronic network activity information, unique identifiers (which include cookies), and information regarding a consumer’s interaction with a website, application, or advertisement. OneTrust offers default cookie banners that reflect CCPA-specific messaging. Using geolocation, OneTrust can display different cookie banners with different consent models depending on the website visitor's location.

Get Your Free CCPA
Readiness Assessment Today!

Get Started

Access our Free CCPA Compliance Resources

Comprehensive Guide to the CCPA

Small & Medium Enterprise Solutions Download Now

CCPA vs GDPR Comparison

Small & Medium Enterprise Solutions Download Now