CCPA / CPRA
California Consumer Privacy Act (as amended by CPRA)
California, USA
CPRA in force since 2023
United States
Who must comply
For-profit businesses that meet revenue or data-volume thresholds and handle California residents' data.
Penalties
Up to $7,500 per intentional violation, plus statutory damages for breaches.
Key obligations
- Honor Do Not Sell or Share requests
- Recognize Global Privacy Control signals
- Provide a clear opt-out mechanism
- Handle consumer rights requests
- Limit use of sensitive personal information
How ConsentX helps
Native Global Privacy Control support
Do Not Sell or Share controls
Opt-out preference signals
45-day DSAR SLA workflow
Get CCPA / CPRA ready with ConsentX
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.
How to comply with CCPA / CPRA using ConsentX
- 1
Scan your website
Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under CCPA / CPRA.
- 2
Show a geo-aware consent banner
Add the ConsentX banner. It detects each visitor region and shows the consent experience that CCPA / CPRA requires, automatically.
- 3
Block trackers until consent
Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.
- 4
Record tamper-evident proof
Every choice is stored as a tamper-evident consent receipt you can produce in a CCPA / CPRA audit.
- 5
Handle data requests on time
Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.
Frequently asked questions
Do I have to honor Global Privacy Control in California?+
Yes. Under CPRA a GPC signal must be treated as a valid opt-out of the sale or sharing of personal information.
Is CCPA opt-in or opt-out?+
Opt-out. Consumers can opt out of sale and sharing, and you must make that easy and honor GPC.