The California Consumer Privacy Act (CCPA) came into effect on 1st January 2020 and is designed to protect the data privacy of residents in the state of California, USA.

The CCPA offers these protections to residents of California:

  • The right for consumers to demand to see what data a company it holds on them
  • The right to demand that the data is deleted

Companies will also have to display a mandatory link on their website allowing a consumer to prohibit that company from selling their data.

CCPA applies to:

  • Companies that have revenues of more than $25m and 50% or more if that revenue comes from selling consumer data, or trade in more than 50,000 consumers’ data
  • Californian citizens only

Fines ranging between $2,500 to $7,500 can be levied on companies that break the law, but there are many exemptions.


Unlike GDPR, CCPA does not cover the safety or location of data storage, only allowing consumers to see what data is held and request for it to be deleted. As permission to collect (and sell) personal data is granted by default there is no need to collect and record individual’s consent to data collection.

It is unlikely that any of our customers will have to review their CRM usage, although if they are a large data broker they may need to set up processes to deal with requests to view and delete a consumer’s data – but for Californian residents only.

Read more about CCPA on our CRM Blog.