CCPA / CPRA compliance with ConsentX
California Consumer Privacy Act (as amended by CPRA)
California, USA
CPRA in force since 2023
United States
Who it applies to
For-profit businesses that meet revenue or data-volume thresholds and handle California residents' data.
Penalties
Up to $7,500 per intentional violation, plus statutory damages for breaches.
Key obligations
- Honor Do Not Sell or Share requests
- Recognize Global Privacy Control signals
- Provide a clear opt-out mechanism
- Handle consumer rights requests
- Limit use of sensitive personal information
How ConsentX helps
Native Global Privacy Control support
Do Not Sell or Share controls
Opt-out preference signals
45-day DSAR SLA workflow
Get CCPA / CPRA ready with ConsentX
Start free, or book a walkthrough with our team.
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.
Frequently asked questions
What is CCPA / CPRA?+
The CCPA, expanded by the CPRA, is California's privacy law giving consumers the right to opt out of the sale or sharing of their personal data and to access and delete it.
Do I have to honor Global Privacy Control in California?+
Yes. Under CPRA a GPC signal must be treated as a valid opt-out of the sale or sharing of personal information.
Is CCPA opt-in or opt-out?+
Opt-out. Consumers can opt out of sale and sharing, and you must make that easy and honor GPC.