And keep track of latest developments and guidance
OneTrust for CCPA
California Consumer Privacy Act
About the CCPA
The California Consumer Privacy Act (CCPA) introduces new rights for California residents – forcing companies that conduct business in the State of California to implement structural changes to their privacy programs or face non-compliance.
The CCPA will take effect on January 1, 2020. This may appear to give your organization time to prepare. However, the law has a “look back” requirement - requiring organizations to provide records covering the 12-month period preceding the date of a consumer's request to access their personal information. As a result, many organizations are making necessary CCPA operational changes and leveraging the new law as a stepping stone to building a comprehensive privacy program.
A Strong Foundation for CCPA Compliance
Utilize OneTrust’s innovative technology products to tackle CCPA compliance
Research & Resources
Access OneTrust’s library of free resources to help your team prepare for the CCPA
OneTrust’s expert consulting services help you understand your CCPA readiness
Network of CCPA privacy professionals and workshops across the globe
How OneTrust Helps
With OneTrust, your organization can take a holistic approach to CCPA compliance by leveraging a comprehensive suite of tools, each offering CCPA-specific functionality. By leveraging internal governance tools as well as consumer-facing tools, your organization can pinpoint where personal data resides and how it is used; streamline your ability to act when consumers exercise their rights to information and deletion; and manage opt outs relating to the sale of personal information. The OneTrust platform directly addresses CCPA requirements and sets organizations on the right trajectory for supporting a global privacy program.
OneTrust for CCPA
Recommended CCPA Solutions to Build Your Program
Intake & Fulfillment of "Do Not Sell", Consumer Information, Deletion Requests
For California consumer data flows and meet CCPA "Look Back" Requirements
300+ International and State Regulations built-in
Sync Consent Across Systems To Avoid Unauthorized Sale of Consumer Data
To identify gaps, project plan, and provide executive reports
Provide opt-out for advertising and data collection cookies on website
To verify ongoing processes meet CCPA requirements and keep data map updated
Assess Vendors and Efficiently Navigate “Cure” Periods
Drive Consumer Engagement With Configurable Preference Centers
OneTrust Internal Governance Tools for CCPA Compliance
Privacypedia™ by OneTrust
Due to the evolving nature of global privacy law, you should look to an organized, comprehensive research tool that keeps pace with frequent regulatory change and explains how privacy laws affect your organization. Use Privacypedia™ by OneTrust to access a centralized resource aggregator that includes the full CCPA text, as well as summaries, comprehensive guides, and regulatory guidance. Privacypedia™ is continually updated by the OneTrust global research team and includes the latest amendments, news, and guidance
Readiness & Accountability Tool
The OneTrust Readiness & Accountability tool is an easy way to track your overall CCPA readiness and offers a definitive path to compliance. With the OneTrust Readiness & Accountability tool, leverage a research-backed CCPA readiness questionnaire, which helps assess your organization's CCPA gaps and offers remediation recommendations to minimize risks.
Data Inventory & Mapping
OneTrust Data Inventory & Mapping technology is a core asset for those seeking to prepare for the CCPA. CCPA-specific data elements built into OneTrust help your organization track key attributes when mapping data for CCPA compliance. Additionally, leverage bulk importing capabilities to attach CCPA-specific data elements to existing data.
Assessments are core to the development of every comprehensive privacy program. OneTrust Assessment Automation offers updated, CCPA-specific PIAs to adhere to data minimization and purpose limitation considerations outlined under the CCPA. With Assessment Automation, take advantage of automated CCPA-specific risk flagging and research-backed remediation recommendations.
Vendor Risk Management
With OneTrust Vendor Risk Management, your organization can better understand which vendors have access to your consumers’ data. Leverage OneTrust Vendor Risk Management to communicate with third-party vendors to meet consumer requests for data access and deletion. Additionally, generate visuals to map vendors and data flows state by state and around the world.
Incident & Breach Response
Taking a proactive approach to incident and breach response, regardless of which data breach notification or privacy laws apply, helps decrease risks and other potential negative impacts should a breach occur. OneTrust Incident & Breach Response enables your organization to analyze incidents with a built-in, California Data Breach Notification assessment template. With customizable workflows, streamline response and quickly remedy a violation within the CCPA's 30-day cure period.
OneTrust Consumer Facing Tools for CCPA Compliance
Consumer Rights Management
The OneTrust Consumer Rights Management tool is equipped to streamline the intake and fulfillment of requests for information, a new consumer right under the CCPA. The CCPA stipulates a 45-day response timeline for consumer data requests. With OneTrust, intake consumer rights requests and leverage CCPA-specific response workflows to help your organization respond to requests appropriately, and with built-in exception handling, reduce unnecessary work.
Consent & Preference Management
Under the CCPA, the right to opt out of the sale of personal information extends beyond the consumer to include devices and households. Via OneTrust, track do not sell requests by consumers, devices and households.
Cookie Consent & Website Scanning
Personal information under the CCPA is broadly defined and includes internet or other electronic network activity information, unique identifiers (which include cookies), and information regarding a consumer’s interaction with a website, application, or advertisement. OneTrust offers default cookie banners that reflect CCPA-specific messaging. Using geolocation, OneTrust can display different cookie banners with different consent models depending on the website visitor's location.