← All compliance services
US Privacy

California Consumer Privacy Act

CCPA / CPRA Compliance

CCPA/CPRA applies to for-profit businesses that meet revenue or data volume thresholds and collect California residents' personal information. Non-compliance triggers civil penalties and a private right of action for data breaches. As more states adopt similar laws, building a scalable U.S. privacy program now saves significant rework later.

What we address

  • Data inventory and personal information mapping
  • Privacy notice updates and opt-out mechanisms (Do Not Sell / Do Not Share)
  • Consumer rights request workflows (access, deletion, correction, portability)
  • Sensitive personal information handling and opt-out procedures
  • Service provider and contractor agreement review
  • Data minimization and retention policy development

Our approach

  1. 1Personal information inventory and data flow mapping
  2. 2CCPA/CPRA gap assessment and remediation roadmap
  3. 3Privacy notice, opt-out, and consent management implementation
  4. 4Consumer rights request process design
  5. 5Multi-state privacy law readiness review (Virginia, Colorado, Texas, etc.)

Who needs this

For-profit businesses with annual gross revenue over $25M, or that buy/sell/receive personal data of 100,000+ consumers/households annually, or derive 50%+ of revenue from selling personal data — and that do business in California.

Start your CCPA assessment

Need a broader program?

Many organizations must satisfy multiple frameworks simultaneously. We help you build a unified program that satisfies overlapping controls efficiently.

View all compliance services