Who Does the CCPA Apply to?

California Consumer Privacy Act (CCPA) the Ultimate Guide

Table of Contents

Introduction to CCPA

The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that enhances the privacy rights and consumer protections for residents of California, USA. It aims to give California residents more control over their personal information collected by businesses and imposes stringent obligations on businesses to ensure data protection.

For a more detailed exploration of which businesses the CCPA applies to and the specific criteria involved, you can delve deeper into the topic here or get more information directly from the Department of Justice.


CCPA vs GDPR: Key Similarities & Differences Businesses Must Understand

The CCPA and the EU’s General Data Protection Regulation (GDPR) are both critical data privacy laws, but they have distinct differences:

Scope and Applicability:

The CCPA applies to for-profit businesses that meet specific criteria, such as having gross annual revenues over $25 million or handling data of more than 50,000 consumers. The GDPR, on the other hand, applies broadly to any entity processing personal data of EU residents, regardless of the entity’s location.

Consumer Rights:

Both laws grant rights to access and delete personal data. However, the CCPA includes the right to opt-out of the sale of personal information, a right not explicitly provided by the GDPR.


GDPR violations can result in fines up to 4% of annual global turnover or €20 million, whichever is higher. CCPA violations can incur fines up to $2,500 per unintentional violation and $7,500 per intentional violation​​.

What Rights Does the CCPA Provide to Consumers?

Scope of the FDBR

The CCPA grants several rights to California residents:

Right to Know

Consumers can request information about the personal data collected, used, and shared by a business.

Right to Delete

Consumers can request the deletion of their personal data held by businesses, subject to certain exceptions.

Right to Opt-Out

Consumers can opt out of the sale of their personal information.

Right to Non-Discrimination

Consumers cannot be discriminated against for exercising their rights under the CCPA​.

To understand the full spectrum of consumer rights under the CCPA and how they can impact you or your business, you can explore them further.

What Are the Penalties for Violating CCPA?

What are the Penalties for Violating CCPA

Non-compliance with the CCPA can result in significant penalties:

For a comprehensive understanding of the penalties associated with violating the CCPA and the legal implications for businesses, you can find more detailed information here.

Do I Need a Cookie Policy on My Website?

Do I need a Cookie Policy on my Website?

Under the CCPA, businesses that use cookies to collect personal information must provide a clear and comprehensive cookie policy.

This policy should detail the types of cookies used, their purposes, and how users can manage their cookie preferences. Implementing a compliant cookie banner is also essential to ensure users are informed and can consent to cookie usage​.

CCPA Compliance Checklist

CCPA Compliance Checklist

To comply with the CCPA, businesses should follow these steps:

1. Data Inventory:

Conduct a thorough inventory of personal data collected, processed, and shared.

2. Privacy Policy Updates

Update privacy policies to include CCPA-specific disclosures.

Implement procedures to handle consumer requests for data access, deletion, and opt-out.

4. Data Security

Ensure robust security measures to protect personal data​.

For a detailed checklist that can help your business navigate CCPA compliance, you can use our step-by-step guide.

Guide to CCPA Cookie Banners

Guide to CCPA Cookie Banners

To learn how to set up CCPA-compliant cookie banners on your website, you can read our comprehensive guide.

Businesses must implement clear and compliant cookie banners to inform users about cookie usage and obtain their consent. These banners should provide options for users to accept or reject cookies and access detailed cookie policies. Properly managing cookie consents is crucial for CCPA compliance.

Guide to the CCPA Opt-Out Requirements

Guide to the CCPA Opt-Out Requirements

The CCPA requires businesses to provide a clear and conspicuous “Do Not Sell My Personal Information” link on their websites. This link should direct users to a webpage where they can opt out of the sale of their personal information. Businesses must also honor user preferences and ensure that personal information is not sold without consent.

Who Does the CCPA Apply To?

The CCPA applies to any for-profit business that meets one or more of the following criteria:

To determine if your business falls under the jurisdiction of the CCPA and understand the specific criteria, you can read more about it here.

How to Comply with CCPA

How to Comply with CCPA

To comply with the CCPA, businesses should:

For detailed steps and tools to help ensure your business complies with the CCPA, you can find a comprehensive guide here.


The CCPA represents a significant advancement in data privacy law in the United States, providing robust rights to consumers and imposing substantial obligations on businesses. Understanding the key elements of the CCPA, including consumer rights, compliance requirements, and penalties, is essential for businesses to navigate this regulatory landscape and ensure legal compliance.

For more detailed guidance and tools to help manage CCPA compliance, consider using services like CookieHub, which offers comprehensive solutions for consent management and data privacy compliance across various regulatory frameworks.


Cookie Scanner

Are you compliant?

Sales & Support