CCPA Compliance

There are Major Ramifications in Regulations That Impact How Businesses Operate.

The New California Privacy Law

California has taken substantive action to protect consumer data within the state. Passed in 2018, the California Consumer Privacy Act (CCPA) came into force on January 1, 2020 and its chief objective is the regulation of standards surrounding consumer data, privacy guidelines, and new data rights.

Many businesses must be CCPA compliant, but the regulations do not apply to all. Given the comprehensive and complex nature of the CCPA, it is vital that businesses ensure they are knowledgeable on the compliance standards and take proactive steps to be compliant. Moreover, the CCPA can be changed by lawmakers in the future, making it an evolving set of standards. Contact us at CDG for more information on the CCPA and to receive expert security guidance.

Businesses That Must Be CCPA Compliant

A business does not need to be located in California to have a legal duty to be CCPA compliant. The CCPA applies to a legal entity that provides goods or services to California residents and thereby uses California consumer data. A business is required to be CCPA compliant if it meets one of the following criteria: it has an annual revenue of at least $25 million, gathers or accesses personal data of at least 50,000 California consumers, or earns half of its revenue from California consumer data.

However, a business need not be CCPA compliant if every aspect of its business transaction occurs outside of California, the California resident is not located in the state, and the resident’s data is not collected.

What is Compliance?

Consumer Data

Consumer data, as described by the CCPA, is personal information that could be used to identify a California resident. Such personal information includes names, addresses, products purchased, consuming history, and internet activity. To protect consumer data, businesses must meet the compliance standards. These standards include new consumer rights, such as the ability of individuals to view and delete the consumer data a business may have collected.

Detailed compliance regulations

Detailed compliance regulations include, but are not limited to, updating company privacy policies, training employees on the proper use, procedures and handling of data, using secure data inventories that are frequently updated, accounting for new user rights and preparing for consumer data requests, and ensuring database administrators have the tools necessary for the secure tracking and storing of personal information.


Avoid a Data Breach Event and CCPA Fines:

CCPA Violations

Violating CCPA regulations

Currently, the California Attorney General deals with CCPA enforcement, with enforcement mechanisms coming into effect on July 1, 2020. Consumers can sue a business if they believe the business violated CCPA regulations. A lawsuit can result in a business facing high penalties and civil damages. Furthermore, the Attorney General also has the authority to prosecute a business for a CCPA violation.

Cyber Defense Group

If you are interested in learning more about how we can help with CCPA Compliance, please call us or fill out the contact form provided. We look forward to helping you.

Security Compliance Types


ISO27001 is an international standard for information security, published by the International Organization for Standardization. Organizations that meet ISO27001 criteria can be certified against the standard to demonstrate their ongoing commitment to data protection and information security.


SOC2 was developed by the AICPA for managing customer data based on “trust service principles”. SOC2 is primarily used for companies operating within the United States.


CMMC is a standard for organizations in the United States which work with the Department of Defense (DoD). The CMMC covers the cybersecurity controls for Confidential Unclassified Information (CUI).

NIST 800-53

In order to prevent mass variance, the National Institute of Standards and Technology (NIST) – a non-regulatory part of the Department of Commerce – constructed a set of standards for all federal agencies to follow: the NIST Special Publication 800-53.


The Health Insurance Portability and Accountability Act is a US law enacted in 1996 which governs the data protection and privacy of health records.


The European General Data Protection Regulation is a data protection and privacy regulation for EU citizens. Any company operating within the EU borders must conform to this regulation.


The California Consumer Protection Act is a California data protection and privacy law for residents of California. Most companies which hold information on California residents are subject to this regulation.

CIS 20

The CIS 20 is a list of 20 actions and practices an organization’s security team can take so that cyberattacks and threats are minimized and prevented.

Protected Clients

We protect our clients from cyber criminals, and we create robust security programs which can withstand current and future threats.

Contact CDG

We mobilize and launch a complete investigation of any suspected incident within 24 hours.

Incident Response

If you have been the victim of a cyber attack, contact us right now.
