• Platform
    • The Osano Platform Overview

      Get an overview of the simple, all-in-one data privacy platform

    • header__icon-1
      Cookie Consent

      Manage consent for data privacy laws in 50+ countries

    • user-square
      Subject Rights Management

      Streamline and automate the DSAR workflow

    • assessments primary 200
      Assessments

      Efficiently manage assessment workflows using custom or pre-built templates

    • Unified Consent primary 200
      Unified Consent & Preference Hub

      Streamline consent, utilize non-cookie data, and enhance customer trust

    • data mapping primary 200
      Data Mapping

      Automate and visualize data store discovery and classification

    • shield-tick
      Vendor Privacy Risk Management

      Ensure your customers’ data is in good hands

    • Features & Integrations

      Key Features & Integrations

    • TrustHub
    • Privacy Templates
    • GDPR Representative
    • Consult Privacy Team
    • Regulatory Guidance
    • Integrations
  • Solutions
    • By Regulation
    • CPRA

      Discover how Osano supports CPRA compliance

    • CCPA

      Learn about the CCPA and how Osano can help

    • GDPR

      Achieve compliance with one of the world’s most comprehensive data privacy laws

    • By Role
    • For Non-Privacy Experts

      Simple and robust compliance for marketers, IT, product, developers, and more

    • For Legal & Compliance

      Bridge the gap from regulatory knowledge to privacy operations with smart automation

    • For GRC, Risk & Security

      Manage the full spectrum of risk—privacy included

    • By Use Case
    • Path
      Consent Management

      Manage consent without the complexity

    • Icon (14)
      DSAR Automation

      Never miss a DSAR deadline again

    • Icon (16)
      Privacy Program Management

      Build and grow an end-to-end privacy program

    • Icon (15)
      Vendor Risk Management

      Regain insight and control over your customers’ data

  • Resources
    • Resources

      Key resources on all things data privacy

    • book-open-01
      Articles

      Expert insights on all things privacy

    • Icon (25)
      Resource Center

      Key resources to further your data privacy education

    • hand a heart icon primary 200
      Customer Stories

      Meet some of the 5,000+ leaders using Osano to transform their privacy programs

    • globe icon primary 200
      U.S. Data Privacy Laws

      A guide to data privacy in the U.S.

    • code icon primary 200
      Product Updates

      What's the latest from Osano?

    • Become a Privacy Insider

      Data privacy is complex but you're not alone

    • envelope icon primary 200
      The Newsletter

      Join our weekly newsletter with over 35,000 subscribers

    • Icon (17)
      The Podcast

      Global experts share insights and compelling personal stories about the critical importance of data privacy

    • book-open-01
      The Book

      Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program

    • Icon (30)
      Events

      Upcoming webinars and in-person events designed for privacy professionals

    Latest Blog post

    Busy privacy pro graphic

    Multi-Hyphenate Privacy Professionals: 3 Strategies for Success

    When we write about data privacy, it’s easy to default to talking to...

    Read Now
  • Company
    • Vector
      About Us

      The Osano story

    • Icon (25)
      Careers

      Become an Osanian and help us build the future of privacy!

    • Icon (26)
      Contact

      We’re eager to hear from you

    • 
      Our Pledge

      No fines, no penalties

    • Icon (27)
      Data Licensing

      Add Osano data privacy ratings and recommendations to your application

    • Icon (28)
      Osano Swag Store

      Increase Trust. Stay Compliant. Get Cool Swag.

    • Icon (29)
      Press & Media

      Inquiries and Osano in the news

    • Icon (30)
      Partners & Resellers

      Interested in partnering with us?

  • Pricing
  • Sign In Book a Demo
CPRA Compliance

CPRA Survival Kit

Make sure you understand the tasks behind CPRA compliance with this guide.

In this article
What is the CPRA?Why Is it Important?What Do I Need to Do?How Do I Get Compliant?

Sign up for a demo today

Schedule a demo

Key Resources for Compliance

You wouldn’t navigate the jungle without the right equipment; you shouldn’t navigate California’s privacy landscape without the right equipment, either. 

Don’t worry, you don’t need a machete, tent, or mosquito netting—when it comes to data privacy compliance, knowledge is the best gear to equip yourself with.

Find it here, in your CPRA Survival Kit. We’ve gathered all of our most informative resources on the CPRA here, so you can quickly find the most relevant answers to your questions.

What is the CPRA?

CPRA Overview

Are you subject to the California Privacy Rights Act (CPRA)? What are its primary requirements What penalties could you incur? Learn the answer to these questions and more in this blog article:

A Deeper Dive

For those looking for a deeper dive into the CPRA questions, we field the most, download our free and ungated FAQ eBook: 


Why Is it Important?

Fines That Add Up

Privacy-minded individuals understand that respecting consumers' rights is inherently worthwhile, but data privacy compliance also saves businesses money and reduces risk.

Businesses that violate the CPRA are subject to:

  • $2,000 per offense for mistake
  • $2,500 per offense for negligent mistakes
  • $7,500 per offense for willful offenses

This adds up! Each affected individual counts as one offense, so if a data breach exposes thousands of customers’ data, the penalty could be in the millions of dollars.

The Sephora Example

Take beauty retailer Sephora—the California Attorney General gave them 30 days to fix CCPA violations on their website, but they didn’t make the deadline in time. As a result, they were hit with a $1.2 million fine in what became the first official enforcement action of the CCPA.

We dive deep into what went wrong and how the penalty came about in our blog: 

Read it to learn more about the penalties that noncompliance invites and how best to minimize your own risk.

What Do I Need to Do?

Start With the Basics

For businesses subject to any of the five laws coming online in 2023, we recommend following along on this checklist:

It covers the basics that you need for compliance with any privacy law, including the CPRA.

DSAR Overview

Learn or remind yourself of the basics of data subject access requests:

Have a DSAR Process That Includes Your Employees

One of the most unique features of the CPRA that businesses must be aware of is how the law treats data subject access requests (DSARs). Unlike other state privacy laws, the CPRA allows employees to make DSARs. Learn more about how this elevates complexity and risk in our infographic: 

Consent Requirements Under CPRA

And, as with all omnibus data privacy legislation, businesses need to be aware of how the law treats consent for data collection, processing, and transfers. Under the CPRA, businesses need to offer a means for consumers to:

  • Opt out of the sale or sharing of their personal information
  • Request businesses to limit the use of their sensitive personal information to only what is necessary for the business to provide its core product or service

To dig deeper into the consent requirements under the CPRA, review our blog: 

How Do I Get Compliant?

Find a CMP That Works for You

Consent Management Platforms (CMPs) are a professional’s best friend when it comes to CPRA compliance. They help you: 

  • Collect
  • Record
  • And act on user consent

Many CMPs provide additional functionality to support compliance, like managing and executing DSARs.

Knowing that a CMP is an essential component to CPRA compliance is one thing; knowing which is the right CMP for your organization is another matter entirely. When evaluating CMPs, use our scorecard template, a downloadable spreadsheet that identifies essential categories to evaluate and questions to ask when comparing different CMPs. 

Check Out What Osano Can Do for You

As a CMP vendor, Osano is well aware of the individual challenges posed by the CPRA and the ways in which we can help businesses overcome them. Find out how we can support your business in our guide: 

And of course, if you’d rather skip the reading and talk to somebody in person about how we can help your business, just schedule a demo.

Get a demo

Want to See How Osano Can Help?

Talk to our team of product experts by scheduling a demo.