CCPA / CPRA compliance with ConsentX
California Consumer Privacy Act (as amended by CPRA)
California, USA
CPRA in force since 2023
United States
Who it applies to
For-profit businesses that meet revenue or data-volume thresholds and handle California residents' data.
Penalties
Up to $7,500 per intentional violation, plus statutory damages for breaches.
Key obligations
- Honor Do Not Sell or Share requests
- Recognize Global Privacy Control signals
- Provide a clear opt-out mechanism
- Handle consumer rights requests
- Limit use of sensitive personal information
How ConsentX helps
Native Global Privacy Control support
Do Not Sell or Share controls
Opt-out preference signals
45-day DSAR SLA workflow
Get CCPA / CPRA ready with ConsentX
Start free, or book a walkthrough with our team.
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.
Frequently asked questions
Do I have to honor Global Privacy Control in California?+
Yes. Under CPRA a GPC signal must be treated as a valid opt-out of the sale or sharing of personal information.
Is CCPA opt-in or opt-out?+
Opt-out. Consumers can opt out of sale and sharing, and you must make that easy and honor GPC.