CCPA Compliance Tools for Small & Mid-Size Companies
Get ready for the CCPA with the all-in-one OneTrust Pro platform for privacy and compliance.
What is CCPA?
CCPA stands for the California Consumer Privacy Act 2018. The CCPA is the most recent personal data protection law passed by the state of California as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and sale of personal information.
Everything you need to know about the CCPA
Prepare for CCPA-specific requirements with free, expert-led webinars.
How OneTrust Helps with CCPA Compliance
Benchmark your CCPA readiness
Take our research-based CCPA readiness assessment to uncover your company’s compliance gaps and provides remediation recommendations to minimize risk.
Track personal information, including CCPA attributes
Maintain evergreen records of the data you hold, how it is used throughout your company, and whether you have the right to sell consumer data to third-party vendors. Take advantage of data visualizations and reports to demonstrate compliance.
Ensure ongoing processes meet CCPA requirements
Continuously review your data processes against CCPA requirements for disclosure, data minimization and purpose limitation. With automated risk flagging, you can quickly discover and take action on compliance gaps.
Maintain up-to-date privacy policies and notices
Generate CCPA-compliant notices and policies, including the categories of personal information collected, sold and disclosed, and embed a form for consumers to submit requests. Push updates directly from OneTrust across your web and mobile properties.
Streamline consumer rights and Do Not Sell requests
Verify consumers and track your progress against a CCPA-specific 45-day workflow. Our Consumer Rights tool comes with built-in response templates and integrations to help you fulfill requests in a timely and automated way.
Provide a transparent user experience across your website and app
Display a tailored banner to website or app users coming from the US, informing them of the tracking technologies that may be collecting or selling their personal data online, and enable them to opt out or set their preferences.
Honor user preferences and consent across systems
Whether it’s at the consumer, household or device level, capture and track consent and granular preferences, so you can honor opt out requests across the various systems or vendors.
Hold vendors accountable to CCPA obligations
As you onboard and offboard vendors across your company, track whether they have access to or sell your consumers’ data, assess risks and monitor critical security and privacy updates.
Meet CCPA data breach notification requirements
If an incident occurs, OneTrust provides an efficient way to assess, investigate and notify (as needed) in the event of a breach. Track remediation of violations within the 30-day cure period and export a complete audit trail.
Why OneTrust Pro
OneTrust Pro Pricing
Operationalize and Automate CCPA Requirements
CCPA Consumer Rights & Do Not Sell Solutions
Engage and Respond to Consumer Requests
CCPA Privacy Governance Solutions
Map Data Flows for Ongoing Compliance
CCPA Research Solution
CCPA Readiness Solution
OneTrust Pro pricing is available to companies with less than 1,500 employees globally.
CCPA stands for California Consumer Privacy Act 2018. It is the most recent personal data protection law passed by the State of California as a response to the increasing role personal data plays in business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.
The California government leads among the US states in passing laws aimed to protect the right to privacy of its residents.
Personal information is defined broadly as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
The CCPA gives consumers several rights with respect to the personal information businesses collect or sell about them, including right to request information, opt out of selling and deletion.
The CCPA is not focused on the size of your business, but whether it meets certain criteria as outlined below.
The CCPA applies to businesses, which are defined as for-profit organizations that collect personal information about residents in California, determine the purpose and means of the processing, does business in the State of California, and that meets one or more of (i) annual gross revenues in excess of twenty-five million dollars ($25,000,000), (ii) alone or in combination, annually buys, receives, sells, or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices, or (iii) derives fifty percent or more of its annual revenues from selling consumers’ personal information [1798.140 (c)].
No, it is not. The government of California may have used the momentum carried by the introduction of GDPR, but the CCPA is not as extensive as the GDPR.
The GDPR shares similarities with other privacy laws introduced recently, but they have important differences.
These differences include the entities they cover, information required in privacy policies, prior consent and sale of personal information.
No, being GDPR compliant doesn’t necessarily mean that you are CCPA compliant by default. Chances are you already meet some of the CCPA requirements simply by meeting the GDPR articles, but you still have some work to do.