California Consumer Privacy Act (CCPA/CPRA)
Complete compliance guide for companies with <200 employees. Everything you need to know about CCPA/CPRA requirements, deadlines, and penalties.
45 calendar days + 45 days extension
$7,988/violation
100,000 consumers or $26,625,000 revenue
$8,000 – $25,000
6-16 weeks
Mid-Market Compliance Guide
Most mid-market companies (50-200 employees) fall under CCPA if they process data of 100,000+ California consumers or earn $26.6M+ annually. The CPRA amendments (effective Jan 2023) added new rights and created the CPPA enforcement agency.
Key Requirements
Consumer Rights
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of sale/sharing
- Right to non-discrimination
- Right to correct inaccurate data (CPRA)
- Right to limit use of sensitive data (CPRA)
Business Obligations
1. Provide privacy notice at collection
2. Honor consumer requests within 45 days
3. Implement reasonable security measures
4. Conduct risk assessments for high-risk processing
5. Register as data broker if applicable
Exemptions
- Businesses under $26.6M revenue AND under 100K consumers
- Employee/job applicant data (partial exemption expired)
- HIPAA-covered health data
- GLBA-covered financial data
Recommended Compliance Tools
Enzuzo
Privacy compliance for growing businesses
Cookie consent and basic CCPA compliance for SMBs
OneTrust
Enterprise privacy management platform
Full CCPA/CPRA automation including DSAR workflows
Osano
Easy-to-use privacy compliance for mid-market companies
CCPA/CPRA opt-out and disclosure automation
BigID
AI-powered data intelligence for privacy and security
CCPA data inventory and consumer request automation
Transcend
Privacy infrastructure for modern companies
API-first CCPA automation with data mapping
TrustArc
Enterprise privacy management with built-in regulatory intelligence
CCPA compliance assessments and consumer rights
Securiti
AI-powered data command center for privacy, security, and governance
CCPA data inventory and consumer request processing
WireWheel
Privacy management platform with trust-building focus
CCPA compliance workflows
DataGrail
DSAR automation platform that connects directly to your data systems
CCPA automated consumer request fulfillment
Ketch
Programmatic privacy platform for responsible data use
CCPA opt-out with programmatic enforcement
Ethyca (Fides)
Open-source privacy engineering infrastructure
CCPA data deletion automation via Fides
Mine (SayMine)
AI-powered DSAR automation and data minimization
CCPA consumer request handling
Didomi
Consent management platform for global privacy compliance
CCPA opt-out consent collection
Usercentrics
Enterprise consent management with Google-certified CMP status
CCPA opt-out consent management
CookieYes
Affordable cookie consent and compliance for small businesses
CCPA cookie consent and opt-out
Drata
Compliance automation for SOC 2, ISO 27001, GDPR, and more
CCPA compliance monitoring and assessment
Disclaimer: This is general information, not legal advice. Consult a qualified attorney for your specific situation. Laws and regulations may change. Last reviewed: 3/27/2026.
