Skip to content.
Get Started Today
Contact Us Today

We respect your privacy and won’t share your information with outside parties. View our privacy statement.

Thank you for your interest in NAVEX. We’ll be in touch with you shortly. If you have any immediate questions, please give us a call on +44 (0)20 8939 1650.

CCPA Compliance

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a law that allows Californian consumers access to all the information a company has saved on them, as well as a list of third parties that data is shared with.

Challenges Managing CCPA Compliance

The California Consumer Privacy Act (CCPA) has introduced a new host of requirements for companies doing business in the Golden State, even if they’re not based in California. The privacy act is intended to give California residents more control over how companies collect and use their personally identifiable information (PII) by granting them rights to view and control the PII that companies collect about them, similar to the goal of GDPR in the E.U. Companies subject to the CCPA must comply with the data privacy law by creating mechanisms that allow California residents to exercise those rights. 

Under the CCPA, California consumers may request to:

• Learn what personal information is being collected and why
• Have their personal information deleted
• Obtain information about onward disclosures and any reselling of their personal information

Risks from regulatory non-compliance and litigation can be severe. The CCPA allows the state to seek civil monetary penalties for each infraction, and consumers can file their own civil litigation seeking damages arising from personal information breaches. Compliance requires organizations to have effective risk management practices.

Unfortunately, there is still a lot of uncertainty around how to systematise and comply with the CCPA in a way that aligns with the organisation’s other compliance efforts.

What You Need

Clear Policies

Development and disclosure of privacy policies to align with CCPA compliance.


Employees must be trained on the company’s responsibilities under the data privacy law on how to handle consumer inquiries.

Intake Systems

Mechanisms to allow consumers to submit data subject requests.

Data Map

The company should identify PII it collects about California residents, how that data is processed, and where the data resides.

Breach Response Plan

Protocol to disclose a breach once discovered, or to investigate allegations of a breach brought to the company’s attention.

Steps You Can Take to Ensure CCPA Compliance

Step 1

Understand what data you have, why it is collected, how it is used, and how it travels through your organisation. Assess for risk to that data and develop and implement plans to protect it.

Step 2

Make sure your policies and procedure management program remains in alignment with California’s data privacy law as it evolves.

Step 3

Offer multiple methods for consumers to submit data subject requests, including a toll-free telephone number and a streamlined information-gathering process.

Step 4

Perform a risk assessment on third parties you share data with and service providers that handle PII on your company’s behalf. Confirm that your policies and procedures for working with those third parties and service providers address CCPA compliance issues.