CCPA and CPRA

Practical steps to meet California’s privacy laws

The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), give California residents strong rights over their personal information. BrightShield makes it achievable for small businesses with clear policies, playbooks, and practical guidance.

Benefits

Why CCPA and CPRA matter

Applies beyond California

Even if your business isn’t based in California, these laws apply if you serve California residents and meet certain thresholds.

Protects customer privacy

Stronger rights and transparency requirements show customers you take their information seriously.

Avoids penalties and lawsuits

Non-compliance can lead to enforcement actions, fines, and consumer claims.

Keeps you future-ready

Strong privacy practices now prepare you for upcoming state and federal privacy laws.
Two smiling business professionals walking together through modern office with bright natural lighting
How We Help

BrightShield makes CCPA and CPRA compliance clear and manageable.

Pre-Built Policy Templates

Privacy policies, consumer rights statements, breach response plans — aligned with California’s requirements.

Step-by-Step Guidance

Guides for handling consumer data requests, updating privacy notices, managing opt-outs, and preparing for audits.

Quick Wins First

We highlight the easiest improvements — like adding “Do Not Sell or Share My Personal Information” links — that make the biggest impact.

Progress Tracking

Track readiness across the core requirements and see improvements over time.

Evidence Storage

Keep request logs, policy updates, and consumer response records all in one place.
Why us

The BrightShield Advantage

Your partner in making CCPA and CPRA compliance simple, practical, and achievable. We give you clear steps, smart priorities, and steady progress — so you can protect data and build customer trust.

Practical, not overwhelming

We simplify CCPA and CPRA requirements into plain, actionable tasks.

Built for small businesses

BrightShield focuses on what smaller teams need most, without enterprise overhead.

Confidence, not just compliance

Move beyond ticking boxes — show your customers you care about their privacy.

Frequently asked questions

What are the CCPA and CPRA?
The CCPA (2018) is California’s privacy law that gives residents rights over their personal information. The CPRA (2020) amends and strengthens the CCPA, creating new rights and establishing the California Privacy Protection Agency (CPPA) for enforcement.
Who do these laws apply to?
Generally, if you do business in California and meet one of these:
  • Annual gross revenues over $25 million.
  • Buy, sell, or share the personal information of 100,000+ California residents or households.
  • Derive 50% or more of annual revenue from selling or sharing California residents’ personal information.
What rights do consumers have under CCPA and CPRA?
  • The right to know what data is collected and how it’s used.
  • The right to delete personal information.
  • The right to opt out of the sale or sharing of personal data.
  • The right to correct inaccurate data (CPRA).
  • The right to limit the use of sensitive personal data (CPRA).
  • Protection against discrimination for exercising privacy rights.
How hard is it to comply with CCPA and CPRA?
It depends on your current practices. Many SMBs already have opt-out options and privacy policies. The challenges often lie in building a process for responding to requests and ensuring contracts with service providers meet the new standards. BrightShield makes this easier with templates, playbooks, and a clear roadmap.
What happens if I don’t comply?
The California Attorney General and the California Privacy Protection Agency can levy fines of up to $7,500 per intentional violation. Consumers can also bring lawsuits if their personal data is exposed due to poor security.
How does BrightShield support CCPA and CPRA compliance?
BrightShield helps you meet CCPA and CPRA compliance by:

  • Templates for privacy policies and notices.
  • Playbooks for handling access, deletion, correction, and opt-out requests.
  • Guidance for configuring “Do Not Sell or Share” links and opt-out banners.
  • Logs and reports to show compliance with regulator or client requirements.
Let's Talk

California privacy compliance, made simple

BrightShield helps you prepare for, comply with, and maintain CCPA and CPRA requirements — so you can protect data, build trust, and grow with confidence.

Book a Call