Number One  Global Privacy Partner Of Choice

What is the California CCPA

California CCPA  Privacy Act

The CCPA is the beginning of “America’s GDPR.” Similar to the GDPR, the CCPA will require organizations to focus on user data and provide transparency in how they’re collecting, sharing and using such data. But to what extent can a company extend its GDPR capabilities into its California operations to prepare for CCPA? Certain CCPA requirements overlap with the existing GDPR individual rights requirements, which may give GDPR-ready organizations a jump start on building a capability around user-data handling practices. Still, several policies, processes and systems will still need updating to address differences between the two laws.

Who Does the CCPA Apply To
Is your business going to be affected by the CCPA?

First and foremost, the CCPA only applies to for-profit companies. These companies must collect and process personal information of Californians, but do not need to maintain a physical location in the state. The business must comply with CCPA requirements if it meets even ONE of the following criteria:

  • The business must generate annual gross revenue in excess of $25 million;
  • The business must receive or share personal information of more than 50,000 California residents annually; or
  • The business must derive at least 50 percent of its annual revenue by selling the personal information of California residents.
What is the Scope of the CCPA

1) Assess the CCPA’s applicability to your business 

Determine whether your business falls within the scope of the CCPA. The CCPA applies to businesses that: 

  • Collect California consumers’ personal information and either have annual gross revenues in excess of $25m 
  • Process the personal information of 50,000 or more California consumers, households, or devices 
  • Derive 50% or more of their annual revenues from selling California consumers’ personal information 
Note that the CCPA has broad applicability and protects the information of California residents (not only when they are present in California). This means that certain “geofencing” strategies that were used to avoid the applicability of the GDPR may not be sufficient in the case of the CCPA. 
How Are Data Controllers and Data Processors treated under the CCPA
Data Controller
  • For-profit controllers that meet the following thresholds:
  •  Annual gross revenue over $25M.
  • Buys/sells or receives/shares for “commercial purposes” the data of 50,000 California residents.
  • Derives 50 percent of revenue from “selling” personal data of California residents.
    If a controller qualifies under the thresholds, parent companies and subsidiaries in the same corporate group operating under the same brand also qualify.
Data Processor

A “service provider” is a for profit entity that acts as a processor to a “business” and that receives the data for “business purposes” under a written contract containing certain provisions. 
In addition, the CCPA uses the term “third party” to refer to entities that are neither business nor service providers.

CCPA Privacy Policy Requirements
Privacy Notice /
Information Right
Businesses must inform consumers
  •  The personal information categories
  • The intended use purposes for each
Further notice is required to:
  • „ Collect additional personal information categories.
  • Use collected personal information or unrelated purposes.


The CCPA requires that businesses
provide specific information to
consumers and establishes delivery
Third parties must also give consumers
explicit notice and an opportunity to
opt out before re-selling personal
information that the third party acquired
from another business

What are the penalties?

The California AG may bring actions for civil penalties of $2,500 per violation, or up to $7,500 per violation if intentional.
However, the CCPA also grants
businesses a 30-day cure period for
noticed violations.

Relentless Your CCPA Partner of Choice

Relentless Privacy and Compliance Services provides quality, cost-effective compliance, assurance and global privacy maturity assessments to companies  of all sizes. Unlike traditional compliance firms, we don’t have four or five layers of management. Through the use of technology and our centralized, streamlined structure, we are able to serve our clients in the timeliest manner and with the highest level of efficiency. And because of our unique model and approach, we are able to deliver this exceptional service at highly competitive rates.

We have 20+ years of compliance and assurance experience and are committed to providing a personalized and responsive service.

With a tailor made approach, we work with our clients in executing each project to their specific need and help maximize the long term business value of their compliance and privacy assurance strategies ensuring their global operations remain  within the law.

CCPA Consumer Data Request Managed Service

CCPA Toll Free Number and Email Request Provisions

The legislation Mandates that businesses must provide a toll-free phone number for consumers to submit CCPA requests.

This is because those behind the CCPA want it to be as easy as possible for consumers to exercise their rights.

The toll-free number will provide one of a minimum of two methods by which the CCPA legislation demands consumers can make requests. For most businesses the second should be a specific website address—although if the business doesn’t have a website then, in addition to the toll-free number, it can offer a mailing address, email address, or “other applicable contact information”—including any new “consumer-friendly” means of contacting a business that might arise in the future. Although the legislation mentions no specifics, this might include a new type of messaging service, as one example.

Of course, there’s nothing stopping a business from providing all of the above.

CCPA Enquiry

CCPA Enquiry


6 + 9 =

Relentless CCPA Data Request Managed Service

We have you covered

The Relentless CCPA Data Request Managed Service provides the certainty of compliance for the management of Personal data requests for CCPA.

Managed Service Components

  • Published CCPA  TOLL Free Number fully managed including voice messages
  • Published CCPA  data request Email service fully managed
  • California identity residence verification
  • Manage all communications with requester
  • Guaranteed SLA management  for request time limitation
  • Monthly reporting dashboard

All for one low cost monthly fee 

For a detailed quote for this service please complete the enquiry form on the left.

CCPA Consultancy Fully Managed Service

CCPA Consultancy Fully Managed Service

Our Fully Managed CCPA Consultancy Service Includes the Following

  • CCPA Assessment
  • Dedicated Support Consultant
  • Unlimited Support Calls
  • Unlimited Email Support
  • Data  Mapping
  • Record of Processing Activities
  • Subject Access Request  Service
  • Data Breach Support

Privacy Preference Center