Skip to main content

On-demand webinar coming soon...

CCPA Compliance

Automate CCPA compliance for your organization

Accelerate time to CCPA compliance with a unified, fully automated solution for responding to consumer rights and Do Not Sell requests. 

CCPA Compliance

Operationalize CCPA requirements

Our platform enables you to manage all aspects of CCPA compliance in one platform, including automating consumer rights requests, enabling opt-out of sale across platforms, and managing incident notifications. 

Access a centralized repository of CCPA resources that includes the law’s text, comprehensive guides, regulatory guidance, and a CCPA amendment tracker so you can stay up to date. 

Leverage CCPA-specific response workflows. Automate every phase of the consumer request process including intake, identity verification, data discovery, deletion, and secure response. 

Build “Do Not Sell My Personal Information” links and user interfaces for web, mobile, and CTV platforms with pre-built templates, and communicate opt-outs to third parties. 

Stay up to date by data mapping your IT systems, business processes, and third parties. Deploy automated data discovery and attach CCPA-specific labels with both out-of-the-box and custom classifiers. 

Centralize and analyze incidents across all detection and reporting channels with California Data Breach Notification templates. Streamline response and comply with the CCPA’s 30-day cure period. 


AI GOVERNANCE
January 28, 2025

Operationalizing the EU AI Act

In this webinar, we’ll explore how OneTrust helps organizations meet EU AI Act compliance by operationalizing AI governance frameworks.


FAQs

The CCPA is one of the many data privacy laws that have been changing the regulatory landscape over the past few years. We provide answers to some frequently asked questions below. 

The California Consumer Privacy Act of 2018, and its 2020 amendment called the California Privacy Rights Act (CPRA), is a California law that seeks to provide more robust privacy protection to California consumers. It gives them the means to opt-out of the sale of personal information for targeted advertising, request deletion of data, and inform consumers if they were exposed to a data breach.

Any for-profit company that does business in California and fulfills any of these requirements: Its annual gross revenue is $25 million or more; it buys, sells, or receives 50,000 or more California residents' personal data; or it derives 50% or more of its annual revenue from selling their consumers’ personal information. Even out-of-state companies are affected by the CCPA and must ensure their privacy practices are updated and compliant. 

Under the CCPA, California residents have a right-to-know about the categories of personal information that is being collected, how it is used, the purpose of its collection, and the categories of third parties that buy or receive this sensitive data. They have a right to opt-out of sale of their personal information, and a right to have their personal information deleted upon request. Companies must also provide a notice of collection that has a Do Not Sell link and a link to their privacy notice. 

While the CCPA focuses on Californians’ consumer privacy rights and the GDPR protects European personal identifiers, these privacy laws are similar in their global reach: companies do not have to be based in either California or Europe to be affected. 

OneTrust provides you with a way to minimize risk of non-compliance by leveraging automation and a centralized regulatory knowledge base so you can stay up-to-date and compliant, shorten data processing, time and quickly fulfill consumer data requests, and maintain data accuracy across web, mobile, and CTV platforms. 

Ready to get started?

Request a free demo today to see how OneTrust can help you unlock the power of responsible data use.