California Consumer Privacy Act. All You Need to Know

| | 2 min read

The year 2018 marked the implementation of one of the most popular data protection laws in the world, ie GDPR. It's been a year and a half since its implementation. Any organization in Europe or who delivers a digital service to European Public and uses their personal information now complies GDPR.

Now it’s time for CCPA, California Consumer Privacy Act.

What is CCPA?

In the Year 2018, the State of California passed a data protection law, known as CCPA. ie California Consumer Privacy Act 2018. It empowers consumers with the right to request business to disclose or delete the storage and usage of data collected about them. Additionally, it also gives freedom for users to opt-out completely from third party data transfer and sales.

In order to ensure adherence, the state has also decided to give penalties for defaulters. This ranges from $2500 to $7500 per violation.



CCPA Also Grants a Number of Rights to the Consumer, which Includes

  • Right to Request Information (Section # 1798.100, 1798.115)

  • Right to Portability (Section # 1798.130(2))

  • Right of Deletion of Personal Information(Section # 1798.105)

  • Right to Opt-Out (Section # 1798.120 1798.135)

What are the Eligibility Criteria for CCPA?

Businesses who serve/work for Californian residents and meet at least one or more of the following criteria are eligible for CCPA

  • Having a Gross Annual Revenue of more than $25M

  • Processing information of more than 50,000 households, consumers, or devices

  • Deriving 50% or more of their annual revenue from selling California consumers’ personal information

Who all are Excluded from CCPA?

  • Nonprofits that do not operate for “profit or financial benefit”

  • Financial institutions that are regulated under the Gramm-Leach-Bliley Act

  • Consumer reporting agencies that are regulated under the Fair Credit Reporting Act

  • Health care providers that are regulated by the Health Insurance Portability and Accountability Act



Key Focus of CCPA

  • Control of personal data

  • Protection of personal data

  • Insight into information acquired by companies

CCPA Implementation Timeline

California Consumer Privacy  Act 2018 becomes effective on 01-January-2020.

How To Prepare for CCPA

  1. Conduct an internal audit to identify the different kinds of personal information is being collected at various stages

  2. Cleaning out personal information that is no more relevant or not being actively used

  3. Equip digital platforms to adhere to CCPA guidelines

  4. Train employees on CCPA and clearly define the additional responsibilities they will have

  5. Develop different kinds of documents required for delivering responses related to CCPA

Zyxware has helped many clients in implementing privacy guidelines as per GDPR in the past. We are taking CCPA also in the same sense. Stay tuned for article series on CCPA implementation in your website and mobile apps. Alternatively, you can reach to your consultants to take advice on how to implement CCPA in your website/mobile application.


  • Californians for Consumer Privacy, Accessed on December 2019

  • Bryan Cave Leighton, Paisner, California Consumer Privacy Act (CCPA)Practical Guide, Accessed on December 2019