CCPA/CPRA
California Consumer Privacy Act / California Privacy Rights Act
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (11)
Business Obligations
| Code | Title |
|---|---|
| CCR §7012 | Notice at Collection Drafting Requirements |
| CCR §7025 | Opt-Out Preference Signal Configuration |
| §1798.100 | General Duties of Businesses that Collect Personal Information |
| §1798.130(a)(3) | Privacy Policy Content Requirements |
| §1798.130(a)(5)(C) | Notice at Collection |
| §1798.135(a) | Do Not Sell or Share My Personal Information Link |
| §1798.135(b) | Opt-Out Preference Signals (Global Privacy Control) |
| §1798.140 | Threshold for Applicability and Key Definitions |
| §1798.145 | Exemptions and Permitted Activities |
| §1798.185(a)(15) | Risk Assessments for High-Risk Processing |
CCPA/CPRA: Accountability & Compliance
Demonstration of compliance and accountability (CCPA/CPRA)
CCPA/CPRA: Data Collection & Consent
Requirements for lawful collection and consent management (CCPA/CPRA)
CCPA/CPRA: Data Governance
Organizational governance of personal data processing (CCPA/CPRA)
CCPA/CPRA: Data Security
Technical and organizational security measures (CCPA/CPRA)
CCPA/CPRA: Data Subject Rights
Individual rights regarding their personal data (CCPA/CPRA)
Consumer Rights
| Code | Title |
|---|---|
| CCR §7026 | Requests to Opt-Out of Sale/Sharing Handling |
| §1798.105 | Right to Delete Personal Information |
| §1798.106 | Right to Correct Inaccurate Personal Information |
| §1798.110 | Right to Know Categories and Specific Pieces of Personal Information Collected |
| §1798.115 | Right to Know Personal Information Sold or Shared and Recipients |
| §1798.120 | Right to Opt Out of Sale or Sharing of Personal Information |
| §1798.125 | Non-Discrimination for Exercise of Rights |
| §1798.135(c) | Authorized Agent Requests |
| §1798.185(a)(16) | Automated Decisionmaking Technology Access and Opt-Out |
Enforcement
| Code | Title |
|---|---|
| CCR §7301-7304 | CPPA Audit and Investigation Cooperation |
| §1798.150 | Private Right of Action for Data Breaches |
| §1798.155 | Administrative Enforcement and Civil Penalties |
Privacy Operations
| Code | Title |
|---|---|
| CCR §7060 | Consumer Identity Verification |
| CCR §7100-7102 | Recordkeeping Requirements |
| §1798.130(a)(1) | Designated Methods for Submitting Consumer Requests |
| §1798.130(a)(2) | 45-Day Response Window and Identity Verification |
| §1798.130(c) | Annual Metrics Disclosure (Large Businesses) |
Sensitive PI
| Code | Title |
|---|---|
| CCR §7027 | Requests to Limit Use of Sensitive PI Handling |
| §1798.121 | Right to Limit Use and Disclosure of Sensitive Personal Information |
Service Provider
| Code | Title |
|---|---|
| CCR §7050 | Service Provider and Contractor Obligations |
| §1798.100(d) | Contractual Requirements for Third Parties, Service Providers, and Contractors |
Your Compliance Coverage
If you comply with CCPA/CPRA, you already cover:
Connecticut Data Privacy Act (CTDPA)
19%
6 controls mapped
Compare →Colorado Privacy Act
19%
6 controls mapped
Compare →China Personal Information Protection Law (PIPL)
19%
6 controls mapped
Compare →+ 3 more: Delaware Online Privacy and Protection Act (proposed) (13%), COPPA (13%)
See all 6 mapped frameworks ↓Maps to 6 other frameworks
Frequently Asked Questions
What is CCPA/CPRA?
CCPA/CPRA is a compliance framework from United States - California with 11 domains and 31 controls. California Consumer Privacy Act / California Privacy Rights Act It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does CCPA/CPRA have?
CCPA/CPRA has 31 controls organised across 11 domains. The largest domains are Business Obligations (10 controls), Consumer Rights (9 controls), Privacy Operations (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does CCPA/CPRA map to?
CCPA/CPRA maps to 6 other compliance frameworks. The top mapping partners are Connecticut Data Privacy Act (CTDPA) (19% coverage), Colorado Privacy Act (19% coverage), China Personal Information Protection Law (PIPL) (19% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with CCPA/CPRA compliance?
Start your CCPA/CPRA compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about CCPA/CPRA requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 31 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required