What is CCPA?

The California Consumer Privacy Act (CCPA) is a data privacy law designed to protect the personal information of California residents. This landmark CCPA legislation grants consumers more control over how businesses collect, share, and sell their personal data, promoting CCPA compliance across the digital landscape.

CCPA Consumer Rights: Key Protections for Individuals

The law grants individuals a series of rights, commonly referred to as CCPA consumer rights, that help them manage their personal data. These include:

Right to Know: Consumers may make requests for data on the personal information a business collects, sells, or discloses.
Right to Delete: Consumers may make requests for deletion of their personal information.
Right to Opt-Out: Consumers are allowed to exercise CCPA opt-out rights, refusing the sale or sharing of their personal data.
Right to Non-Discrimination: Companies are not allowed to deny services or offer different prices based on a consumer’s privacy setting.

Who Must Comply with CCPA?

CCPA applies to for-profit businesses that meet at least one of the following criteria:

Annual gross revenue exceeds $25 million
Buys, sells, or shares personal data of 100,000+ California residents or households
Derives 50% or more of annual revenue from selling consumer data

Personal Information Under CCPA: What’s Included?

The CCPA data privacy law takes a broad view of personal information. Businesses must identify and manage the following types of data:

Names, addresses, email addresses<.li>
IP addresses and online identifiers
Geolocation data
Browsing and search history
Biometric data
Employment and educational details

Understanding what counts as personal information under CCPA helps ensure that your organization stays compliant with the law’s requirements.

CCPA regulates for-profit companies that have certain characteristics, including grossing over a certain level of revenue or dealing with huge amounts of consumer data. Companies need to have clear privacy notices, provide an opt-out feature, and implement security practices to safeguard personal information.

DSAR Management
Data Subject requests per month	Unlimited
Web based intake form	Unlimited
Identity verification methods	Advanced
Workflow enabled Data discovery and deletion for systems (application, database, website, file system, products etc.)
Automated data discovery and data feeds from systems	Unlimited
Secured delivery with configurable expiration days
Standard workflow (configurable) and email integration
Standard notifications and response templates
Reporting and dashboards
Customized workflow and notification
Remove “Mandatly” Branding

Cookie Compliance
Number of Domains (additional cost for multiple domains)	1
Website Scanning (Pages and sub-domains)	2500+ pages
Periodic scanning	Automatic
Cookie categorization	Automatic
Predefined banners and layouts
Configurable banners and layouts
Configurable consent categories
Unlimited consent records
Multiple language support
Remove “Mandatly” Branding

Data Inventory
Data Asset (application, database, website, file system, products etc.)	Unlimited
Processing activites	Unlimited
Pre-built data inventory assessment templates
Auto risk detection
Data elements (Predefined and custom)
Standard workflow (configurable), e-mail Integration and notification
Standard notifications and response templates
Reporting and Dashboard
Create you own data inventory assessment templates, Set up risk rules and alerts
Custom workflow and notification
API integration with external systems
Remove “Mandatly” Branding

DSAR Management
Data Subject requests per month	Unlimited
Web based intake form	15
Identity verification methods	Advanced
Workflow enabled Data discovery and deletion for systems (application, database, website, file system, products etc.)
Automated data discovery and data feeds from systems	Upto 5 systems
Secured delivery with configurable expiration days
Standard workflow (configurable) and email integration
Standard notifications and response templates
Reporting and dashboards
Customized workflow and notification
Remove “Mandatly” Branding

Cookie Compliance
Number of Domains (additional cost for multiple domains)	1
Website Scanning (Pages and sub-domains)	Upto 2500 pages
Periodic scanning	Automatic
Cookie categorization	Automatic
Predefined banners and layouts
Configurable banners and layouts
Configurable consent categories
Unlimited consent records
Multiple language support
Remove “Mandatly” Branding

Privacy Management

Data Governance

Data Solutions

Privacy Management

Data Governance

Data Solutions

Mandatly Knowledge Base

Cookie Banner

Cookie Consent

CCPA and CPRA

GDPR

What is CCPA?

CCPA Consumer Rights: Key Protections for Individuals

Who Must Comply with CCPA?

Personal Information Under CCPA: What’s Included?

Product

Company

Resources

Legal

Get a Free Demo of Mandatly's

Enterprise

Professional

Basic

Free

Intelligent Assessment
Assessments on Processing activities and Data Sources (Application, Database, Website, Manual, Products etc.)	Unlimited
Standard Assessment templates (PTA, PIA/DPIA, PbD)
Configure your own assessments and setup up risks and alerts
Integration with Data Inventory to link data sources and processing activities (RoPA)
Standard Workflow, Notification and Email Integration
Reporting and Dashboard
Custom workflow and notification
Risk assessment and Mitigation
Remove “Mandatly” Branding

Data Inventory
Data Asset (application, database, website, file system, products etc.)	100
Processing activites	1000
Pre-built data inventory assessment templates
Auto risk detection
Data elements (Predefined and custom)
Standard workflow (configurable), e-mail Integration and notification
Standard notifications and response templates
Reporting and Dashboard
Create you own data inventory assessment templates, Set up risk rules and alerts
Custom workflow and notification
API integration with external systems
Remove “Mandatly” Branding