Streamline Your Path to CCPA Compliance

Simplify management and get your business CCPA compliant


DRIVE security & privacy by design
Achieve compliance by default

Everything you need for CCPA compliance

  • CCPA Plan

    Step-by-step implementation plan outlines how to align with all 6 CCPA Articles

  • Customized Policies

    Our automated policy builder ensures your policies meet CCPA requirements

  • Policy Management

    Reduce admin time with automated employee reminders and tracking

  • Security Awareness Training

    In-platform Carbide Academy videos on security and privacy best practices with a template library for common requirements

  • Evidence Collection

    100+ technical integrations connecting to your tech stack to automatically capture your compliance with CCPA

  • Audit Support

    Save time by giving auditors a read-only view of your CCPA reporting dashboard

  • Robust Ecosystem

    Carbide’s security and privacy services and network of audit partners help you meet requirements faster

  • Multi-Compliance by Design

    Comply with multiple frameworks & regulations with our unified platform

  • Cloud Monitoring

    Easily collect data with automated security monitoring, security assessments, and remediation tools to gain actionable insights into your cloud environment

Frequently Asked Questions

What is CCPA?

The California Consumer Privacy Act of 2018 (CCPA) is a California privacy law that gives consumers more control over the personal information that businesses collect about them; the CCPA regulations provide guidance on how to implement the law. The California Privacy Rights Act (CPRA) was added as an addendum to the CCPA in late 2020 and goes into effect in January 2023.

Who needs to comply with CCPA?

Under the CCPA, an organization qualifies as a business if it is a legal entity that is operated for profit, collects California consumers’ personal information (PI), determines the purposes and means of processing PI, and satisfies one or more of the following conditions:

  • Has an annual gross revenue of over $25 million in the preceding calendar year
  • Alone, or in combination, annually buys, sells, or shares the personal information of 50,000 or more consumers or households
  • Derives 50% or more of its annual revenue from selling consumers’ personal information

Organizations do not need to reside or have a physical presence in California to be legally obligated to follow the requirements of CCPA.

How is CCPA enforced?

The CCPA was originally enforced by the California Office of the Attorney General (OAG). The CPRA moves this authority to the newly formed California Privacy Protection Agency (CPPA), which will be responsible for investigation, enforcement, and rulemaking.

Differences between CCPA and GDPR

  • The CCPA applies only to California residents and organizations doing business in California. In contrast, the GDPR applies to any organization that processes the personal data of European citizens and residents no matter where they’re located.
  • The CCPA uses opt-out as the basis for consent. The GDPR, on the other hand, requires opt-in.
  • The CCPA requires certain privacy notices (such as “notice at collection” and a privacy policy). But it does not require the kind of “cookie banner” that many businesses use on their website for GDPR compliance.
  • The CCPA’s penalties cap at $7,500 per record for each intentional violation ($2,500 for each unintentional violation). The GDPR’s penalty caps at 4 percent of the company’s annual revenue, or $21 million – whichever is greater.
  • The CCPA may exclude some small businesses. The GDPR includes all businesses no matter the size.

What is CCPA trying to achieve?

CCPA’s 6 Articles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information. They give individuals control over how their personal information is handled in the private sector.

What rights do consumers have under CCPA?

  • The general duties of businesses that collect personal information (right to know).
  • The right to delete personal information.
  • The right to correct inaccurate personal information.
  • The right to know what personal information is being collected.
  • The right to access personal information.
  • The right to know what personal information is sold or shared and to whom.
  • The right to opt-out of sale or sharing of personal information.
  • The right to limit the use and disclosure of sensitive personal information.
  • The right of no retaliation following opt-out or exercise of other rights.
  • Notice, disclosure, correction, and deletion requirements.
  • The methods of limiting sale, sharing, and use of personal information and use of sensitive personal information.

What is the penalty for non-compliance?

CCPA’s fines for noncompliance include:

  • Up to but not more than $2,500 for each violation
  • $7,500 for each intentional violation or violations involving minors

See How Carbide Can Help You

Schedule a consultation with one of our Solutions Advisors to learn how Carbide can accelerate your data protection program.
