California is imposing tough new rules on processing the data of anyone under the age of 18, with the potential to affect businesses that don't target younger consumers.
Becoming CCPA compliant is a big project, but with the right tools and a clear action plan, it can be achieved in much less time. Here are the five major steps to becoming and staying compliant, along with separate checklists for completing each step.
Read our Complete CCPA Guide for more detailed information about the California Consumer Privacy Act.
The cornerstone of CCPA compliance. Businesses must perform an in-depth analysis of what personal data it collects, where it is stored, how it is used, and with whom it is shared.
A critical part of any compliance strategy is determining which of a business’s vendors qualify as “service providers,” and are therefore exempt from some of the CCPA’s rules.
View the Vendor Classification checklist ›
Once you have a complete picture of how consumer data is collected and used, you can create a CCPA-compliant privacy policy and any additional required notices.
View the Privacy Policy checklist ›
Every type of CCPA privacy request has its own rules and exceptions. Creating a plan in advance for responding to them will make the process more efficient, more uniform, and less prone to mistakes.
View the Privacy Requests checklist ›
Staying CCPA compliant is an ongoing process that requires quarterly and annual maintenance. Identify these tasks and schedule them ahead of time to minimize any disruptions.
View the Staying Compliant checklist ›
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.