GDPR and CCPA compliance Solutions and Services Get Started

X Close

California Consumer Privacy Act – CCPA Compliance Software & Tools

CCPA Requirements and tips for compliance

Goverence Solutions & Services

Effects of the California Consumer Privacy Act (CCPA)

Also known as AB 375, the California Consumer Privacy Act of 2018 was passed in California and is anticipated to go into effect on January 1, 2020. The Act focuses exclusively on data collection and privacy, very similar to the European Union’s General Data Protection Regulation (GDPR). A few key components of the Act give residents of California the right to:

  • Know what personal data is being collected
  • Request details on how their data is being processed
  • Access their personal data
  • Request to have their personal data deleted
  • Know whether their personal data is sold or disclosed to third parties
  • Decline or opt-out of the sale of their personal data

Does CCPA apply to my company?

CCPA applies to companies that:

  • Have a gross annual revenue of at least $25 million (or)
  • Are a data broker or other business that buys, sells, or shares personal data of 50,000 or more consumers, households, or devices (or)
  • Get the majority of their annual revenue from selling consumers’ personal data

What are the potential consequences for violating the CCPA?

The Act gives residents of California the ability to bring a civil action against companies that violate the Act, and states that fines could be between $100-750 per violation – or higher, if more damage can be proven. In addition, the state of California can bring charges against a noncompliant company directly. Those fines could be up to $7,500 for each alleged violation not resolved within 30 days.

My business isn’t located in California. Why should I be concerned?

Well, California by itself is the 5th largest economy in the world. If you do business in California or collect data from California residents you need to comply. So, ignoring the California statues and marketplace regulations is unlikely to be an option. There’s good news however – the CCPA is largely in line with GDPR, so if your business is GDPR compliant, you’re probably in good shape for CCPA.

The landscape of privacy regulations is only getting more stringent. More regulations and legislation are coming –  in fact, a separate bill in California (AB 2546) is still under consideration to strengthen anti-spam laws. Be smart about your data collection and adopt a policy of “privacy by design.”

OnePoint Privacy Portal

Consumers submit data requests through the Consumer Privacy Request Portal which are then routed to all appropriate departments and personnel for resolution.

Goverence Solutions & Services

How we can help with CCPA

Consulting Services: Maintaining compliance with the growing privacy regulations across the globe is daunting. PossibleNOW’s sister company, CompliancePoint, provides the following consulting services related to CCPA:

  •     Determine if and how the CCPA legislation applies to you
  •     Conduct a data mapping process to locate data and document how it is used
  •     Establish what you should be doing today to prepare for CCPA
  •     Improve your overall security and compliance position

OnePoint Privacy Management Platform: OnePoint is a workflow tool that manages activities associated with maintaining compliance with consumer privacy requests related to CCPA and other privacy regulations. This includes defining workflows, tasks, and assigning task owners for completing the steps necessary to satisfy the consumer rights.

Consumers are provided access to the Consumer Privacy Request Portal which allows them to submit requests related to their privacy rights including Right to Access, Deletion, Disclosure of Information Collected, Disclosure of Information Sold and to the Right to Opt-out. They are provided a confirmation code to track the status of their request and are notified when it is completed.

Upon completion of a set of tasks or workflows, an auditor can view all work, evidentiary data articles, and other documentation related to the completion of a task and approve it or reject if it doesn’t meet the required standard. All evidential artifacts are stored in a central repository for validation and audit purposes. 

Reference the graphic below for illustration of the workflow and process.

 Read about our other privacy offerings 

OnePoint Privacy Management 

  • slide 1
  • slide 2
  • slide 3
  • slide 4
Research Report on the Anatomy of a Preference Center


  • Twitter
  • RSS
  • YouTube
  • LinkedIn