Our platform enables you to manage all aspects of CCPA compliance in one platform, including automating consumer rights requests, enabling opt-out of sale across platforms, and managing incident notifications.
CCPA Compliance
Automate CCPA compliance for your organization
Accelerate time to CCPA compliance with a unified, fully automated solution for responding to consumer rights and Do Not Sell requests.
Operationalize CCPA requirements
Access a centralized repository of CCPA resources that includes the law’s text, comprehensive guides, regulatory guidance, and a CCPA amendment tracker so you can stay up to date.
Leverage CCPA-specific response workflows. Automate every phase of the consumer request process including intake, identity verification, data discovery, deletion, and secure response.
Build “Do Not Sell My Personal Information” links and user interfaces for web, mobile, and CTV platforms with pre-built templates, and communicate opt-outs to third parties.
Stay up to date by data mapping your IT systems, business processes, and third parties. Deploy automated data discovery and attach CCPA-specific labels with both out-of-the-box and custom classifiers.
Centralize and analyze incidents across all detection and reporting channels with California Data Breach Notification templates. Streamline response and comply with the CCPA’s 30-day cure period.
FAQs
The CCPA is one of the many data privacy laws that have been changing the regulatory landscape over the past few years. We provide answers to some frequently asked questions below.
Any for-profit company that does business in California and fulfills any of these requirements: Its annual gross revenue is $25 million or more; it buys, sells, or receives 50,000 or more California residents' personal data; or it derives 50% or more of its annual revenue from selling their consumers’ personal information. Even out-of-state companies are affected by the CCPA and must ensure their privacy practices are updated and compliant.
Under the CCPA, California residents have a right-to-know about the categories of personal information that is being collected, how it is used, the purpose of its collection, and the categories of third parties that buy or receive this sensitive data. They have a right to opt-out of sale of their personal information, and a right to have their personal information deleted upon request. Companies must also provide a notice of collection that has a Do Not Sell link and a link to their privacy notice.
While the CCPA focuses on Californians’ consumer privacy rights and the GDPR protects European personal identifiers, these privacy laws are similar in their global reach: companies do not have to be based in either California or Europe to be affected.
OneTrust provides you with a way to minimize risk of non-compliance by leveraging automation and a centralized regulatory knowledge base so you can stay up-to-date and compliant, shorten data processing, time and quickly fulfill consumer data requests, and maintain data accuracy across web, mobile, and CTV platforms.