The CPRA enforcement deadline was March 29th, 2024.
Is your business compliant?
Ketch is easy-to-use data privacy software for small teams that need fast and easy compliance with California privacy law requirements for CCPA and CPRA, like Do Not Sell and opt-out enforcement.
4.6 out of 5
Google-certified CMP & Top-rated consent management platform on G2
Compliance requires the ability to collect and enforce consumer privacy choices across your data ecosystem. CCPA (California Consumer Protection Act) is already live, and the enhanced CPRA (California Privacy Rights Act) was enforced beginning on March 29, 2024. Businesses require flexible and responsive infrastructure to comply with regulators and meet consumer expectations.
Schedule a DemoNo coding expertise? No problem. Ketch is easy for legal and marketing teams to use, with WYSIWYG, drag-and-drop customization capabilities. With Ketch consent and preference management, you can use our pre-defined templates to quickly spin up privacy policies and notices for California consumers.
Schedule a DemoUnder the CCPA and CPRA privacy laws, consumers can make the choice to opt-out of activities like targeted advertising. Businesses are obligated to respect and enforce these consumer choices across internal and vendor data systems. With Ketch custom workflow builder tools, you can create manual and automated flows that match your desired business processes.
Schedule a DemoLearn more about CPRA and CCPA
The first law of its kind in the United States, the California Consumer Privacy Act (CCPA) was initiated in the wake of Europe’s even more comprehensive General Data Protection Regulation (GDPR) to improve data transparency in the most populous U.S. state. Signed into law on June 28, 2018, and taking effect on January 1, 2020, CCPA applies to any for-profit business anywhere in the world that meets any one of the following thresholds:
Coined CCPA 2.0, the California Privacy Rights Act (CPRA) was approved by voters on November 4, 2020, as a means to improve upon the existing CCPA. The new rights and requirements outlined in the CPRA will be enforced beginning March 29, 2024, resulting in a law more in line with the EU’s GDPR and providing greater protection for consumers and additional compliance regulations for businesses.
Like GDPR, business required to be CPRA/CCPA-compliant must provide notice to consumers at the time they collect personal data, allow them to opt out and disclose the reason for retaining, sharing or selling personal information. They also must allow consumers to access and delete their personal information, respond to consumer requests within specific timeframes, and maintain all records of requests for a minimum of two years.
Penalties violating CCPA can cost businesses $2500 for per individual violation (i.e., per consumer), with higher fees for intentional violations. While you can avoid liability if you cure the noncompliance within 30 days, there are some types of non-compliance that may not be capable of a cure. For example, if a data breach has already occurred, there’s little you can do to fix it.
With the passing of the CPRA, the price of non-compliance has increased and the establishment of the CCPA is expected to result in greater enforcement. Most notably, CPRA triples the maximum penalty for an individual violation to $7500 for violations concerning minors.
CCPA and CPRA are applicable to any forprofit entity doing business in California that meet any one of the following thresholds:
Ketch is easy-to-use data privacy software that makes it easy for businesses and brands to comply with data privacy regulations including CCPA/CPRA.
With Ketch, you can automate opt-outs, collect consent, enforce consumer privacy choices across your systems. Ketch can also help you with essential privacy program tasks like data mapping, ROPAs, risk assessments, and more.