Unlike the GDPR's opt-in model, the CCPA/CPRA centres on opt-out and 'Do Not Sell or Share' rights, and requires businesses to honour the Global Privacy Control signal. ConsentX provides the opt-out flow, GPC handling and records needed for CCPA/CPRA and the wave of similar US state laws.
In ConsentX
Related terms
The GDPR is the European Union's data-protection law, requiring a lawful basis (often consent) to process personal data, with fines up to €20 million or 4% of global turnover.
Global Privacy Control (GPC) is a browser signal that tells websites a user wants to opt out of the sale or sharing of their personal data, and several US state laws treat it as a legally binding opt-out.
A DSAR is a request by an individual to access, correct, delete or port the personal data an organisation holds about them, which must be answered within a statutory deadline.