CCPA

Streamline Your Path to CCPA Compliance

Simplify management and get your business CCPA compliant

Your Guide to CCPA Compliance

Your Guide to CCPA Compliance

The California Consumer Privacy Act was established to give Californians privacy and data protection similar to the EU’s GDPR, but if you’re doing business in California, you have a legal obligation to comply with this regulation governing how for-profit businesses collect, use, and disclose personal information of California’s residents.

The Carbide Platform and its embedded DRIVE (Design, Review, Implement, Validate, & Evolve) approach to CCPA compliance gives you a step-by-step plan to ensure your business follows all 6 of CCPA’s Articles.

INTENTIONAL DATA PROTECTION LEADS TO FASTER COMPLIANCE

DRIVE security & privacy by design
Achieve compliance by default

MENU
Design & Review
Design & Review

Develop a security & privacy program that meets CCPA's requirements

The first step to CCPA compliance is understanding where you fall short.

The Carbide Platform has CCPA requirements embedded, enabling you to perform a quick gap analysis against your current processes, controls, and policies to identify where you need to strengthen your program. Carbide can even auto-generate appropriate, custom-tailored policies and associated tasks to keep your CCPA program on track.

Design & Review
Design & Review
Implement
Implement

Leverage custom-generated policies in your CCPA compliant program

From protecting minor’s data rights (Article 6) to consistently and clearly communicating when, where, and what data is being collected( Article 2) to general rules regarding verification (Article 4), the Carbide Platform will generate a customized Implementation Plan that will save you countless hours of project management time.

Carbide will identify the practical, process, and technical tasks you need and identify the issues to remediate and critical action items to assign, as well as help you manage policy acceptance, security awareness training, and next steps.

Implement
Implement
Validate
Validate

Track your progress against CCPA & prove you value security and privacy

When the Office of the Attorney General (OAG) comes calling with a compliance complaint, you’ll be ready with the documentation and evidence you need to answer and resolve such complaints during the investigation.

Validate
Validate
Evolve
Evolve

Ingrain security and privacy & scale your business securely

California’s data protection and privacy requirements aren’t the only ones to worry about. As you grow your business and enter new regions, you may find yourself faced with GDPR requirements in the EU, PIPEDA expectations in Canada, and HIPAA enforcement in the US’s healthcare market.

With the platform embedded multi-compliance support, you’ll be able to quickly see how the work you’ve done on CCPA applies to other major security, privacy, and data protection frameworks and regulations—and how much you have left to do to quickly serve a new market or declare victory over another framework.

Evolve
Evolve

Everything you need for CCPA compliance

  • CCPA Plan

    CCPA Plan

    Step-by-step implementation plan outlines how to align with all 6 CCPA Articles

  • Customized Policies

    Customized Policies

    Our automated policy builder ensures your policies meet CCPA requirements

  • Policy Management

    Policy Management

    Reduce admin time with automated employee reminders and tracking

  • Security Awareness Training

    Security Awareness Training

    In-platform Carbide Academy videos on security and privacy best practices with a template library for common requirements

  • Evidence Collection

    Evidence Collection

    100+ technical integrations connecting to your tech stack to automatically capture your compliance with CCPA

  • Audit Support

    Audit Support

    Save time by giving auditors a read-only view of your CCPA reporting dashboard

  • Robust Ecosystem

    Robust Ecosystem

    Carbide’s security and privacy services and network of audit partners help you meet requirements faster

  • Multi-Compliance by Design

    Multi-Compliance by Design

    Comply with multiple frameworks & regulations with our unified platform

  • Cloud Monitoring

    Cloud Monitoring

    Easily collect data with automated security monitoring, security assessments, and remediation tools to make actionable insights on your cloud environment

Frequently Asked Questions

What is CCPA?

The California Consumer Privacy Act of 2018 (CCPA) is a Californian privacy law that gives consumers more control over their personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. As an addendum to the CCPA, the California Privacy Rights Act (CPRA) was added as an addendum to the CCPA in late 2020 and goes into effect in January 2023.

Who needs to comply with CCPA?

Under the CCPA, an organization can classify as a business if they are a legal entity that is operated for profit, involves the collection of California consumers’ personal information (PI), determines the purposes and means of processing PI, and satisfies one or more of the following conditions:

Has an annual gross revenue of over $25 million in the preceding calendar year
Alone, or in combination, annually buys, sells, or shares the personal information of 50,000 or more consumers or households
Derives 50% or more of its annual revenue from selling consumers’ personal information

Organizations do not need to reside or have a physical presence in California to be legally obligated to follow the requirements of CCPA.

How is CCPA enforced?

The CCPA was originally enforced by the California Office of the Attorney General (OAG). The CPRA moves this authority to the newly formed California Privacy Protection Agency (CPPA) who will be responsible for the investigation, enforcement, and rulemaking powers.

Differences between CCPA and GDPR

The CCPA applies only to California residents and organizations doing business in California. In contrast, the GDPR applies to any organization that processes the personal data of European citizens and residents no matter where they’re located.
The CCPA uses opt-out as the basis for consent. The GDPR, on the other hand, requires opt-in.
The CCPA requires certain privacy notices (such as “notice at collection” and a privacy policy). But it does not require the kind of “cookie banner” that many businesses use on their website for GDPR compliance.
The CCPA’s penalties cap at $7,500 per record for each intentional violation ($2,500 for each unintentional violation). The GDPR’s penalty caps at 4 percent of the company’s annual revenue, or $21 million – whichever is greater.
The CCPA may exclude some small businesses. The GDPR includes all businesses no matter the size.

What is CCPA trying to achieve?

CCPA’s 6 Articles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information. They give individuals control over how their personal information is handled in the private sector.

What rights do consumers have under CCPA?

The general duties of businesses that collect personal information (right to know).

The right to delete personal information.

The right to correct inaccurate personal information.

The right to know what personal information is being collected.

The right to access personal information.

The right to know what personal information is sold or shared and to whom.

The right to opt-out of sale or sharing of personal information.

The right to limit the use and disclosure of sensitive personal information.

The right of no retaliation following opt-out or exercise of other rights.

Notice, disclosure, correction, and deletion requirements.

The methods of limiting sale, sharing, and use of personal information and use of sensitive personal information.

What is the penalty for non-compliance?

CCPA’s fines for noncompliance include:

  • Up to but not more than $2,500 for each violation
  • $7,500 for each intentional violation or violations involving minors
  • Book a Demo

    Book a Demo

    The Carbide platform gives you a clear roadmap and all the tools you need to get to CCPA compliance. If you’re ready to get started, chat with us so we can show you how it works.

    Learn More
  • Get Expert Guidance

    Get Expert Guidance

    Need a human guide to keep you on your path? Check out our unique plans, where our data protection experts will drive you to your destination.

    Learn More

See How Carbide Can Help You

Schedule a consultation with one of our Solutions Advisors to learn how Carbide can accelerate your data protection program.

By submitting this request you consent to receive emails from Carbide. You can opt-out from receiving emails at any time.
This field is for validation purposes and should be left unchanged.