top of page

What The CCPA Is: General View

Updated: Dec 7, 2021


As of 2021, US companies have one more reason to transform their businesses. - All of the California Consumer Privacy Act (CCPA) provisions came into enforcement. Lots of enterprises are concerned about preparing for innovation. But, as General Data Protection Regulation (GDPR) implementation shows, the efforts will be justified. Here you will discover what’s the difference between these two acts, what risks are incurred by non-compliance with the CCPA, and what to do to follow the regulations.

CCPA Regulations: What You Should Comply With

What is the CCPA?

California Consumer Privacy Act is a state regulation created to ensure a high level of personal data security and secure them as consumers' property. The CCPA covers employees, contractors, and business customers' data transferring as well.

Who must comply with the Privacy Act?

CCPA applies to commercial companies that do business in California or employ California residents. Moreover, the law concerns only businesses that:

  • make annual commercial data transactions owned by min. 50K Californians

  • receive $25M of gross annual revenue or more

  • conduct the above data transactions, receiving at least 50% of annual revenue from it

Core CCPA requirements

According to the Act, consumers have the right to receive notifications and request information about the volume and purpose of their data usage. A company must answer a consumer's request within 45 days after its receiving. The tricky part is, as of January 1, 2021, businesses are obligated to provide data usage information for the last 12 months.

CCPA fully maintains consumer control over their data. They can refuse to submit personal information or require a company to delete it. In case of unauthorized non-compliance with obligations, consumers can sue enterprises. Following Perkins Coie, as of June 2021, there were 135+ litigation cases related to CCPA. The most significant number of claims concerns privacy notice.

One of the curious Act's provisions is the prevention of revenge. In other words, if a client demanded personal data deletion, a company does not have the right to overstate goods/services costs.

CCPA: Challenge or Opportunity?

The CCPA adoption is a win for consumers. Meanwhile, the business faced a second avalanche of challenges. Enterprises have to set up data processing in brief terms to:

  • know what data and why they collect

  • boost data storage

  • perform accurate custom notification

  • delete data without harming business

This approach often requires data processing systems modernization. Businesses are going to invest there up to $100K per year.

It seems the California Consumer Privacy Act is a troublemaker. Meanwhile, it provides companies with the opportunity to improve the quality of their business. Due to compliance with the law, enterprises can:

  • operate only with reliable information

  • improve customer experience and level of trust

  • boost software base, bringing ourselves closer to digital transformation goal

  • improve marketing strategies

  • take care of data protection

CCPA vs. GDPR: Similarities & Differences

CCPA vs. GDPR: Similarities & Differences

CCPA Compliance Checklist

Any violation of CCPA, including loss of data, will lead to penalties or damage to the company's reputation because of litigation. Businesses strive to find a versatile list of improvements they should implement to avoid poor overcomes. We defined the top 10 to-dos able to protect your company:


Create a robust strategy concerning data processing. You must understand all aspects of working with data and respond to consumer requests promptly.


Improve your current software base. Compliance with CCPA will become one more overwhelming burden on outdated systems.


Write a versatile Privacy Policy containing a step-by-step guideline on how consumers can get their data and edit them. Make it accessible and visible on your website.


Boost a UI. Add a pop-up banner with a confirmation feature. It will notify users about data collection and help to get their approval.


Build scenarios of actions for all possible CCPA-related requests.


Organize in-house training to prepare staff for new work conditions. Pay attention to your employees' data protection as well.


Initiate risk-management procedures concerning your business partners to make sure they also comply with CCPA.


Check all current agreements concerning data transferring and update them following the Privacy Act requirements.


Use robust software for data protection. Make sure your data storages are scalable and reliable.


Track any amendments to CCPA and shadow how your competitors provide their compliance with it.

The Bottom Line

They say CCPA is not the end of the world. It's a motivation for business to get better. By the way, the regulation will not bypass non-Californian companies. Initiatives to implement similar acts have sprung up in several states. To avoid issues, enterprises should prepare for changes before they come.

If you strive to migrate to new software for compliance with CCPA, feel free to contact our specialists. We’ll provide you with tips on where to start.


More insights


bottom of page