Does the CCPA / CPRA apply to your business?
The California Privacy Rights Act (CPRA) is a privacy law that was passed in 2020 to strengthen the standards of the California Consumer Privacy Act (CCPA).
California residents have the right to request access or deletion of their personal information collected by a business.
By law, business owners have to give customers access to their personally identifiable information within thirty days of receiving a request for disclosure.
It is forbidden to sell consumer's personal information and all companies must adopt reasonable security measures to protect users.
Learn what's required for CCPA
and CPRA compliance
With Enzuzo's easy setup and powerful features, creating the policies and tools you need to be compliant with CCPA just got easier.
Features you need to meet CPRA compliance
Enzuzo helps you generate a custom privacy policy, terms of service, cookie consent banner, and Do Not Sell My Personal Information page that complies with the California Consumer Privacy Act (CCPA). All of our features are easily editable to fit your business's needs.
Privacy Policy
Data Subject Access Rights Form
Create a Do Not Sell My Personal Information form to allow customers to opt-out.
Cookie Consent
Easily manage consent through our customizable cookie banner and cookie manager generator.
25+ Languages
Available in English, French, German, Italian, Danish, Japanese, Spanish, EU Portuguese, Dutch and more.
.png)
Your privacy policy must include detailed disclosures
To ensure compliance with the California Privacy Rights Act (CPRA) businesses must include specific disclosures in their privacy policy. Examples include descriptions of consumer rights, processing partners, purposes, sources and more.
-
Information must be complete and accessible
-
Accessible on your website or mobile app
-
Automatic updates as laws change
Display a cookie banner and allow users to opt out
Build and launch your own CPRA-compliant cookie consent banner in minutes. Fully customizable text, colours, layout and configuration.
-
Set cookie preferences for CPRA compliance
-
Include links to your privacy policy
-
Add analytics tracking integrations from popular services

.png)
Allow customers to request access or deletion their
personal information
You can use our customizable "Do Not Sell My Personal Information" page to collect and manage DSARs (unsubscribes, data deletion requests) in a way that's easy for you and your team to use.
CCPA data requests must be completed within 30 days, or else businesses can face expensive fines. With Enzuzo's streamlined privacy dashboard, you can track every request from start to finish.
-
Create a "Do Not Sell My Personal Information" page in minutes
-
Customers can opt-out or request personal information
-
Manage and complete data requests in one place
Learn more about CCPA and CPRA

Easy Guide to the CCPA
More on CPRA and CCPA compliance
What are CCPA regulations?
The California Consumer Privacy Act (CCPA) is a leading privacy law brought in to offer additional rights and protections for California residents. It gives them greater control over how their personal data is collected, processed, and shared by businesses.
A data subject (or someone making the request on their behalf) doesn’t need to be a customer of your eCommerce store for their request to be valid. They may be a current or ex-employee, corporate partner or sponsor, supplier, contractor, or anyone else that believes you may hold personal data on them.
What are the consumers' rights covered by the CCPA?
There are 5 different "rights" within the California Consumer Privacy Act in which you must abide by if you are collecting personal information of customers' who reside in California.
- Right to notice
- Right to disclosure
- Right to opt-out
- Right to fair treatment
- Right to request deletion
Learn more about each of these rights in our Simple Guide to CCPA.
Do I need a Do Not Sell My Information page for my website?
If you sell to customers who live in California than it's a great idea to create and launch a Do Not Sell My Info or California Privacy Rights page for your website. Alternatively you can list more information about CCPA in your privacy policy if you don't want to have a standalone page.
The most important thing, is that you have an easy way for customers to submit data subject access requests so you can comply with the Right to Disclosure, the Right to Opt-Out and the Right to Request Deletion.
What is the penalty for noncompliance with the CCPA?
The Attorney General has the opportunity to impose injunctions and civil penalties on businesses for noncompliance and CCPA violations.
This penalty is set at $2,500 for each violation, which can rise towards $7,500 per violation if it was considered to be intentional. These penalties are applied per violation. This means if your violation refers to hundreds or thousands of individuals, the penalty can rise steeply.
What is a Data Subject Access Request (DSAR)?
The phrase “data subject access request” might sound complicated and technical, but when you strip it back a DSAR is simply a request from someone that you hold personal data on. They’re known as the data subject, and often want to access their data, hence the term data subject access request.
How do you get a CCPA compliance certificate?
The California Consumer Privacy Act (CCPA) was passed by the California State Legislature and signed into law by the Governor of California, Jerry Brown, on June 28, 2018. This act was meant to amend part 4 of Division 3 of the California Civil Code. The act stipulates that California residents have a right to know what personal data is being collected about them and how it’s being used.
Therefore, organizations are mandated to respond to personal data requests submitted to them by consumers. This law applies to all businesses in California, including for-profit entities that collect consumers personal information. But for your organization to qualify for CCPA compliance, it has to meet the following criteria:
- Annual gross revenue of over $25 million
- Ability to buy, receive, or sell personal data of over 50,000 consumers or households
- More than half of its annual revenue is earned from selling personal consumer data
You also need to check if your organization is covered under the privacy act so that you can prepare for its compliance. To check for CCPA compliance, follow these steps:
- Understand your responsibility to the act
- Map your consumer data
- Update your privacy disclosures
- Come up with a homepage privacy link
- Figure out the best way to handle consumer personal data requests
- Identify and implement the necessary system changes
- Train your employees
- Strengthen your data security
How can CCPA software help your business?
Under the CCPA, your business is supposed to routinely implement new data privacy systems and policies to ensure the personal data of every consumer is fully protected. This act also extends the meaning of personal information to include data elements that weren’t previously considered personal data under any law in the United States. Failure to comply with this act results in hefty fines and the risk of being prosecuted by the consumer for violation of their privacy.
One of the best solutions to this problem is the use of data privacy compliance software. This program helps you with CCPA privacy compliance by enabling you to perform important functions like risk management reporting, compliance privacy audit, analytics privacy compliance, and other critical tasks related to data privacy compliance. Here are the main benefits of CCPA software for your business:
- Provides you with a compliance framework with the necessary tools and controls to get started
- Allows you to rapidly collect evidence to show your efforts toward compliance
- Enables you to work with the productivity tools and solutions you already have
- Allows you to re-use evidence across various compliance frameworks and controls
- Gives you the ability to plan control to various regulatory standards, and reduces the time for compliance with all regulations that affect your business
- Pinpoints & prioritizes your important operations to ensure timely compliance
Is the CCPA the same as the GDPR?
While both the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) are meant to guarantee people privacy of their personal information and ensure there is compliance, the two have several unique differences. For instance, the CCPA is meant to protect consumers (natural people who reside in California), while the GDPR focuses on data subjects (any person residing in the European Union who is identifiable, both directly and indirectly). Nevertheless, the two regulations are considered global solutions to data privacy, albeit under somewhat different circumstances.
Also, the CCPA regulates businesses that collect personal information from customers for purposes of selling it, while the GDPR focuses on information controllers and organizations which process data on behalf of controllers in the EU to ensure there's compliance. The GDPR applies to non-EU data processing organizations that process the personal data of EU residents when selling a product or service.
Do you have a CCPA compliance checklist?
Yes, our CCPA requirements checklist can be found at our data privacy compliance page.
The page includes a CCPA audit checklist and advises you of the necessary legal pages for your business to be compliant with CCPA.