enactedUS-COEffective July 1, 2023

Colorado Privacy Act (CPA)

Complete compliance guide for companies with <200 employees. Everything you need to know about CPA requirements, deadlines, and penalties.

DSAR Deadline

45 calendar days

+ 45 days extension

Max Penalty

$20,000/violation

Threshold

100,000 consumers

Est. Cost

$4,000 – $15,000

4-10 weeks

Mid-Market Compliance Guide

Colorado's CPA is considered the most GDPR-like US state law. It requires a universal opt-out mechanism (since July 2024), making it more demanding than CCPA for some companies. The $20,000/violation penalty is among the highest in the US.

Key Requirements

Provide privacy notice
Honor universal opt-out mechanism
Obtain consent for sensitive data
Conduct data protection assessments
Implement purpose limitation

Enforced by: Colorado Attorney General

Consumer Rights

Right to Access

Right to Delete

Right to Correct

Right to Data Portability

Right to Opt-Out via Universal Mechanism

Business Obligations

1.Universal opt-out mechanism support
2.Data protection assessments
3.Purpose limitation
4.Processor agreements
5.60-day cure period (expires July 2025)

Exemptions

•HIPAA-covered entities
•GLBA-covered financial institutions
•Nonprofits
•Higher education institutions
•Employment data

Related Privacy Laws

VCDPA

US-VA

Virginia Consumer Data Protection Act

CCPA/CPRA

US-CA

California Consumer Privacy Act

Recommended Compliance Tools

OneTrust

Enterprise privacy management platform

CPA universal opt-out mechanism support

Osano

Easy-to-use privacy compliance for mid-market companies

CPA universal opt-out mechanism support

WireWheel

Privacy management platform with trust-building focus

CPA compliance support

DataGrail

DSAR automation platform that connects directly to your data systems

CPA universal opt-out processing

Ketch

Programmatic privacy platform for responsible data use

CPA universal opt-out mechanism

Ethyca (Fides)

Open-source privacy engineering infrastructure

CPA compliance enforcement in CI/CD

Browse all compliance tools

Get a mid-market compliance checklist for CPA

We'll send you a practical, step-by-step checklist tailored for companies with <200 employees. No spam, unsubscribe anytime.

See how DPAs enforce CPA in practice

Real fines, real violations, real lessons. Browse our enforcement database to understand what gets penalized under CPA.

Browse Enforcement Actions Calculate your DSAR deadline

Disclaimer: This is general information, not legal advice. Consult a qualified attorney for your specific situation. Laws and regulations may change. Last reviewed: 3/27/2026.