CCPA Compliance Tools for Small & Mid-Size Companies

Get ready for the CCPA with the all-in-one OneTrust Pro platform for privacy and compliance.

What is CCPA?

CCPA stands for the California Consumer Privacy Act 2018. The CCPA is the most recent personal data protection law passed by the state of California as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and sale of personal information.

January 1, 2020

When is the CCPA enforced?

What do I need to do for CCPA?

“A business that collects a consumer’s personal information shall, at or before the point of collection, inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used”
-
1798.100 (b)

“Disclose the following information in its online privacy policy…and update that information at least once every 12 months.
-
1798.130 (a)

“A business that receives a verifiable consumer request from a consumer to access personal information shall promptly take steps to disclose and deliver, free of charge to the consumer, the personal information required by this section."
-
1798.100 (d)

“Disclose and deliver the required information to a consumer free of charge within 45 days of receiving a verifiable request from the consumer”
-
1798.130 (a) (2)

“The disclosure shall cover the 12-month period preceding the business’s receipt of the verifiable request…”
-
1798.130 (a) (2)

“Provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information,” to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information”
-
1798.100 (b)

Everything you need to know about the CCPA

Prepare for CCPA-specific requirements with free, expert-led webinars.

How OneTrust Helps with CCPA Compliance

Benchmark your CCPA readiness

Take our research-based CCPA readiness assessment to uncover your company’s compliance gaps and provides remediation recommendations to minimize risk.

Track personal information, including CCPA attributes

Maintain evergreen records of the data you hold, how it is used throughout your company, and whether you have the right to sell consumer data to third-party vendors. Take advantage of data visualizations and reports to demonstrate compliance.

Ensure ongoing processes meet CCPA requirements

Continuously review your data processes against CCPA requirements for disclosure, data minimization and purpose limitation. With automated risk flagging, you can quickly discover and take action on compliance gaps.

Maintain up-to-date privacy policies and notices

Generate CCPA-compliant notices and policies, including the categories of personal information collected, sold and disclosed, and embed a form for consumers to submit requests. Push updates directly from OneTrust across your web and mobile properties.

Streamline consumer rights and Do Not Sell requests

Verify consumers and track your progress against a CCPA-specific 45-day workflow. Our Consumer Rights tool comes with built-in response templates and integrations to help you fulfill requests in a timely and automated way.

Provide a transparent user experience across your website and app

Display a tailored banner to website or app users coming from the US, informing them of the tracking technologies that may be collecting or selling their personal data online, and enable them to opt out or set their preferences.

Honor user preferences and consent across systems

Whether it’s at the consumer, household or device level, capture and track consent and granular preferences, so you can honor opt out requests across the various systems or vendors.

Hold vendors accountable to CCPA obligations

As you onboard and offboard vendors across your company, track whether they have access to or sell your consumers’ data, assess risks and monitor critical security and privacy updates.

Meet CCPA data breach notification requirements

If an incident occurs, OneTrust provides an efficient way to assess, investigate and notify (as needed) in the event of a breach. Track remediation of violations within the 30-day cure period and export a complete audit trail. 

Get real-time CCPA updates and guidance

Our comprehensive research tool, DataGuidance by OneTrust, includes the full CCPA text, associated guidance, latest amendments as well as updates and best practices across US and global privacy regulations.

Why OneTrust Pro

Powerful Tools

The best privacy and security programs globally are built on OneTrust

Try for Free

Get started with a free trial; you'll get unlimited access to all OneTrust tools

Self-service Help

Take advantage of our product tours, searchable knowledge base and user guides

Quick Setup

Fast time to value with quick deployment options and access to in-house privacy experts

Flexible Pricing

Add OneTrust tools and capabilities as your business and privacy needs scales

Ongoing Updates

Stay ahead of future regulations and requirements with regular product updates

OneTrust named a leader in the Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018

OneTrust Pro Pricing

Operationalize and Automate CCPA Requirements

CCPA Consumer Rights & Do Not Sell Solutions

Engage and Respond to Consumer Requests

userCreated with Sketch.

Consumer Rights & Targeted Data Discovery™

Intake and fulfill ‘Do Not Sale’ requests, and consumer requests for personal information access and deletion.
Starting at $100 per month

webscanCreated with Sketch.

Website & Mobile App Cookie Compliance

Enable ‘Do Not Sale’ on websites and provide an opt-out for advertising and data collection cookies.
Starting at $30 per domain/$90 per app per month

identityCreated with Sketch.

Consent & Preference Management

Track verifiable consent and sync across systems to avoid unauthorized sale of consumer data.
Starting at $250 per month

privacy settings

Policy & Notice Management

Centralize and distribute policies, notices & disclosures.
Starting at $100 per month

CCPA Privacy Governance Solutions

Map Data Flows for Ongoing Compliance

Data Inventory & Mapping

Map CCPA data flows for California consumer data flows and meet CCPA ‘look back’ requirements.
Starting at $100 per month

clipboardCreated with Sketch.

Assessment Automation

Distribute CCPA-based PIAs and PbD to verify ongoing processes meet requirements and keep data map updated.
Starting at $100 per month

incidentCreated with Sketch.

Incident & Breach Response

Meet California & US breach notification rules, and over 300 international and state regulations, built-in to OneTrust.
Starting at $100 per month

vendorCreated with Sketch.

Vendor Risk Management

Assess vendors against CCPA requirements, and efficiently navigate CCPA ‘cure periods’.
Starting at $100 per month

CCPA Research Solution
searchCreated with Sketch.

DataGuidance Research Portal

Central repository for CCPA text, regulatory guidance and amendments tracker.
Starting at $300 per user per month

CCPA Readiness Solution

Maturity & Planning

Assess CCPA gaps and minimize risk through remediation recommendations.
Starting at $100 per month

OneTrust Pro pricing is available to companies with less than 1,500 employees globally.

CCPA FAQs

CCPA stands for California Consumer Privacy Act 2018. It is the most recent personal data protection law passed by the State of California as a response to the increasing role personal data plays in business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.

The California government leads among the US states in passing laws aimed to protect the right to privacy of its residents.

Personal information is defined broadly as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

The CCPA gives consumers several rights with respect to the personal information businesses collect or sell about them, including right to request information, opt out of selling and deletion.

The CCPA is not focused on the size of your business, but whether it meets certain criteria as outlined below.

The CCPA applies to businesses, which are defined as for-profit organizations that collect personal information about residents in California, determine the purpose and means of the processing, does business in the State of California, and that meets one or more of (i) annual gross revenues in excess of twenty-five million dollars ($25,000,000), (ii) alone or in combination, annually buys, receives, sells, or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices, or (iii) derives fifty percent or more of its annual revenues from selling consumers’ personal information [1798.140 (c)].

No, it is not. The government of California may have used the momentum carried by the introduction of GDPR, but the CCPA is not as extensive as the GDPR.

The GDPR shares similarities with other privacy laws introduced recently, but they have important differences.

These differences include the entities they cover, information required in privacy policies, prior consent and sale of personal information.

No, being GDPR compliant doesn’t necessarily mean that you are CCPA compliant by default. Chances are you already meet some of the CCPA requirements simply by meeting the GDPR articles, but you still have some work to do.

You will have to make adjustments in your privacy policy, include a “Do Not Sell My Personal Information” link on your home page, establish methods for requests for access, change, and erasure of data, establish a method for verification of the identity of the person making a data-related request, and establish a method for obtaining prior consent by minors before selling their personal data.