
CCPA & CPRA Gap Assessments for Business in California and Throughout North America

CCPA & CPRA Gap Assessments for California's Data Privacy Mandates

The California Consumer Privacy Act (CCPA) is without question landmark legislation enacted to give consumers greatly enhanced privacy rights and protection clauses within the state of California. If your organization does business in the state of California and meets one or more of the following criteria, then it’s time to get serious about CCPA compliance:

  • Has annual gross revenue of more than $25 million;
  • Buys, receives, sells, or shares the personal information of 50,000 or more consumers, households or devices, per year; or
  • Derives at least 50 percent of its annual revenues from selling consumers’ personal information.

Then, on November 3, 2020, California voters approved a ballot initiative, enacting the California Privacy Rights Act (CPRA), effectively amending the CCPA to create the most sweeping consumer data protection law in the United States.

Five-Step Process for CCPA & CPRA Gap Assessments

Centris offers CCPA & CPRA Gap Assessments for businesses seeking assistance with what’s arguably the most demanding and comprehensive data privacy regulation in the United States. Centris’ five-step CCPA & CPRA Gap Assessment process consists of the following phases:
 

(1) Defining Scoping Considerations:

Combined, the initial CCPA legislation and the newly mandated CPRA requirements are creating huge challenges for businesses having to comply with California’s sweeping data privacy measures. Therefore, it’s essential to assess and validate the following critical scoping issues when beginning a CCPA & CPRA assessment:

  • What types of categories of personal data (per CCPA 1798.140) are deemed in scope for CCPA & CPRA?
  • How is personal data being collected, used, shared & disclosed, stored, protected, retained, and disposed of?
  • What third parties are also considered in scope for the CCPA & CPRA, why, and do they have proper controls in place?
 

(2) Assessing Data Privacy Requirements & Gaps:

The operational aspects of CCPA & CPRA compliance are far-reaching, as businesses need to ensure that various H.R., legal, privacy, and other prescriptive requirements are met for compliance with regard to the CCPA codes of 1798.100 to 1798.199.100. Centris uses a customized checklist to ensure full coverage of all the CCPA and CPRA codes.

 

(3) Assessing Information Security Requirements & Gaps:

Per code 1798.100, “…A business that collects a consumer’s personal information shall implement reasonable security procedures and practices…” Centris will do a deep dive in identifying what “…reasonable security procedures and practices…” are in place, what gaps exist, and the next steps necessary for correcting security control deficiencies in terms of technical controls and policies and procedures.

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide range of issues that could have detrimental effects on a business. Not knowing, planning, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.

Non-Compliance with the CCPA & CPRA Can Be Very Costly


According to a statement from the California Attorney General, businesses that include data brokers, marketing companies, media outlets, online retailers, and entities handling children’s information were found to be in violation of the CCPA in recent years. As such, California’s AG published a list of enforcement examples in which notices of CCPA noncompliance were sent to businesses. The issues cited included the following:

  • Not providing required notices to consumers.
  • Non-compliant service provider contracts.
  • Non-compliant privacy policy.
  • No “Do Not Sell My Personal Information” link on a website’s homepage.
  • Not providing a Notice of Financial Incentive to consumers.
  • Non-compliant opt-out process.
  • Not providing a toll-free number for consumers making CCPA requests.
  • Sales of minors’ personal information.
 

(4) Assessing Documentation Requirements & Gaps:

Policies and procedures are a heavy mandate for the CCPA & CPRA, much like many of today’s regulations. Centris can quickly identify policy and procedure gaps, along with offering comprehensive remediation services for developing all required information security, cybersecurity, operational, and human resources documentation as required within the stated CCPA and CPRA codes.

 

(5) Remediation Activities:

Almost any organization undertaking a CCPA & CPRA gap assessment will find areas requiring remediation, as the scope and reach of both the California Consumer Privacy Act and the California Privacy Rights Act can be massive. From helping establish tighter information security controls to developing robust policies and procedures – and more – we offer a full menu of CCPA & CPRA remediation services.

With Centris, we offer a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programs, data governance, data mapping, PIA, DPIA, GDPR assessments, CCPA/CPRA assessments, international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

Why Centris for CCPA & CPRA Gap Assessments?

  • Proven methodology that’s quick, comprehensive – and with fixed-fee pricing.
  • Experts at remediating CCPA & CPRA gaps and documentation deficiencies.
  • Experience in working with all industries and sectors relating to CCPA & CPRA.

Additional Related Services


    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.