CCPA Compliance Software

CCPA compliance software is a privacy compliance management platform that is flexible enough to help you comply with the strict level of the requirements of the original CCPA, such as handling Data Subject Access Requests, but also be able to support the evolving CPRA requirements of the subsequent California privacy law that replaced it. As the new law, CPRA, comes into play, there are additional requirements that begin to align CPRA more closely with the European standard, the GDPR, which makes it smart for companies to evolve from managing privacy compliance on spreadsheets to using state of the art, flexible and scalable CCPA compliance software to handle their compliance needs. 

To find the right CCPA compliance software for your needs, start with some basic questions:

What regions are you doing business in? Do you need to comply with only California privacy regulations? Or do you need to comply with other US states or global regions such as Europe, Brazil, Singapore, Canada, etc.? Do you need to comply with the European GDPR? If so, that brings a whole new level of requirements to your privacy compliance management.

Next, assess your level of preparedness. Have you already mapped your data and assessed your level of need and areas of risk? If not, you may need CCPA compliance software that helps you do that with a Privacy Impact Assessment or PIA.

Do you already have a Register of Processing Activities (RoPA) or do you need a place to collect those? As CCPA has evolved to CPRA it becomes more critical to log your processing activities, identify and catalog your risky processing categories and be able to report those to the newly created California data supervisory authority and that means that if you are managing this effort in Excel, then it is time to move to a more robust and manageable CCPA compliance software.

These types of questions will help you assess what type of CCPA compliance software you need. 

CCPA compliance is a moving target for companies that are subject to the CCPA, or more currently, the CPRA. CCPA compliance in these terms means adherence to the requirements of the CCPA and the newer regulation, the CPRA.  When the CPRA passed in November 2020, this meant the addition of another two dozen rules yet to be fully rolled out as well as the creation of a California Supervisory Authority, much like those in the EU region. This means companies subject to the CCPA need to pay close attention to these evolving rules. 

Accordion ContentThe CCPA applicability thresholds have been replaced under the newer CPRA, raising the threshold of applicability which is good news for many companies previously determined to be subject to California privacy regulation. The California privacy regulation applies to for-profit businesses that do business in California which meet the following criteria:

·       Have an annual gross (global) revenue of over $25 million;

·       Buy, receive, sell or share the personal information of 100,000 or more consumers (a “consumer” is defined as a California resident), households or devices for commercial purposes each year; or they

·       Derive 50% or more of annual revenue from sharing or selling consumer personal information.

Businesses are exempt from CCPA if they are non-profit organizations, government agencies, or they are for-profit companies and they fall below the minimum threshold for annual revenue or if they buy, receive, sell, or share the personal information of fewer than 100,000 consumers per year.

CCPA requirements are evolving now that California voters approved Proposition 24 which enacted the California Privacy Rights Act of 2020, dubbed CPRA. The CPRA takes effect Jan. 1, 2023; however, it will have a “look-back” period to Jan. 1, 2022 so companies should begin preparing ahead of the date.

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:

The right to know about the personal information a business collects about them and how it is used and shared;

The right to delete personal information collected from them (with some exceptions);

The right to opt-out of the sale of their personal information; and

The right to non-discrimination for exercising their CCPA rights.

Businesses are required to give consumers certain notices explaining their privacy practices.

The CPRA includes a number of amendments and modifications to the CCPA, such as extending enforcement exemptions, defining the term “consent,” and imposing additional privacy policy disclosures. This section will focus on four of the CPRA’s most significant provisions: (1) expansion of California resident privacy rights; (2) new protections for “sensitive personal information”; (3) establishment of a California privacy regulator; and (4) expansion of the CCPA’s private cause of action.