Iubenda logo
Start generating


Table of Contents

3 things you can do now for CCPA compliance

If you’re doing business in California, or more broadly in the United States, CPRA (CCPA amendment) may apply to you. Here are 3 simple things you should put into practice now to help make your website compliant! 

CPRA (CCPA amendment) compliance, iubenda

CPRA (CCPA amendment) applies to any business that targets California-based consumers and collects their personal information.

To be considered a business under the CPRA (CCPA amendment), you should meet at least one of these requirements:

  • you have an annual gross revenues of at least $25 million; or
  • you generate more than half of your annual income by exchanging customers’ personal information with third parties; or
  • you process personally identifiable information of at least 50,000 Californians every year.

See our CPRA (CCPA amendment) summary here.

1. Have a detailed privacy policy

CPRA (CCPA amendment) grants users specific rights, including the right to be informed. You must inform your users about how their information is processed, who you’re going to share this information with, and what rights they have. 

You can do this via a privacy policy. Remember, your privacy policy should be easily accessible throughout your website/app. 

2. Display notice of collection and “Do not sell” link

According to the right to opt-out, users can request a business that sells their personal information to stop doing that. 

What sale actually means here

Sale does not just refer to the act of trading for money, but to any activity that consists of sharing the user’s personal information for anything that might benefit the business.

Here you should do two main things: 

  1. Display a notice of collection: upon a user’s first visit to your website, you should inform them that you’re selling personal information.
  2. Add a “Do not sell my personal information” link: users should be able to opt-out anytime, and you should make it easy for them. That’s what a DNSMPI link is for!

3. Keep records 

Last, you should keep records of the opt-outs. 
You can’t contact a user who opted out for at least 12 months after their request.

Records can help you keep track of all the requests you received and avoid non-compliance sanctions.

💡 Is there a way to comply easily?

Of course! There are online tools that can help you with CPRA (CCPA amendment) compliance and can save you money, time and effort. 

Take iubenda, for example. 
Our set of tools for CPRA (CCPA amendment) allows you to: 

  • Create a detailed privacy policy, thanks to our Privacy and Cookie Policy Generator.
  • Generate a notice of collection with a “Do Not Sell” link. That’s what the Privacy Controls and Cookie Solution is for.
  • Keep records of opt-outs, with our Consent Database.

Ready to make your website CPRA (CCPA amendment)-compliant?

Start generating