CCPA Guides

Comprehensive guides to CCPA compliance, consumer rights, and California privacy requirements for startups and SaaS companies.

1What is CCPA? A Complete Guide for Startups7 min2Who Needs CCPA Compliance? Business Applicability Guide7 min3CCPA vs CPRA: Understanding the Amendments7 min4CCPA Consumer Rights: Complete Guide to Data Subject Rights8 min5CCPA Sensitive Personal Information: Categories and Requirements7 min6CCPA Opt-Out Requirements: Sale, Sharing, and GPC Compliance7 min7CCPA Privacy Policy Requirements: Notice and Disclosure Guide6 min8CCPA Service Provider Requirements: Contracts and Obligations7 min9CCPA Data Security Requirements: Reasonable Security Measures7 min10CCPA Penalties and Fines: Enforcement Consequences Explained6 min11CCPA Compliance Checklist: Step-by-Step Implementation Guide7 min12CCPA for SaaS Companies: Compliance Guide6 min13CCPA vs GDPR: Key Differences for Compliance7 min14CCPA and Other State Privacy Laws: Multi-State Compliance6 min15Maintaining CCPA Compliance: Ongoing Obligations6 min

Common Questions About CCPA

Quick answers to the most frequently asked questions about CCPA compliance.

The California Consumer Privacy Act (CCPA) is a state privacy law giving California residents rights over their personal information. It applies to businesses meeting certain thresholds that collect or sell personal information of California residents.

CPRA (California Privacy Rights Act) amended and expanded the CCPA, effective January 2023. It created the California Privacy Protection Agency, added new rights like correction and limiting use of sensitive data, and introduced data minimization requirements.

CCPA applies to for-profit businesses that collect California residents' personal information AND meet any threshold: annual gross revenue over USD 25 million, buy/sell/share data of 100,000+ California consumers/households/devices, or derive 50%+ revenue from selling/sharing personal information.

CCPA provides rights to know (what data is collected), delete (request deletion), opt-out (of data selling/sharing), non-discrimination (for exercising rights), correct (inaccurate information), and limit use of sensitive personal information.

Businesses that sell or share personal information must display a clear 'Do Not Sell or Share My Personal Information' link on their homepage. This allows consumers to opt out of data selling or sharing for cross-context behavioral advertising.

The California Privacy Protection Agency can impose fines up to USD 2,500 per unintentional violation and USD 7,500 per intentional violation. Consumers can also bring private lawsuits for data breaches, seeking USD 100-750 per incident or actual damages.

GDPR is broader in scope, applies to any organization processing EU residents' data, and has stricter consent requirements. CCPA has higher revenue thresholds, focuses on opt-out rights rather than consent, and includes a private right of action for breaches.

Yes, as of January 2023 (with CPRA amendments), B2B personal information is fully covered by CCPA. Previously there was an exemption for B2B data, but this has expired. Business contact information is now subject to all CCPA requirements.

Ready to get CCPA certified?

Let our experts guide you through CCPA certification. We'll handle the complexity so you can focus on your business.

Talk to an expert