CPRA compliance

Get ready for the California Privacy Rights Act (CPRA)

Understand how CPRA will impact your business and digital activities, and how Didomi can help solve key challenges.

What to expect

July 2023: CPRA enforcement begins

California consumers have new rights:

Refuse the sale or sharing of their data, with mandatory opt-in for sensitive information.
Request corrections or deletion of their data, with businesses responsible for notifying third parties.
Inquire about data retention durations and the criteria for these periods.
Decline the use of automated decision-making and profiling by businesses.

As a business, you have new obligations

Display a privacy notice about personal information collection.
Facilitate user rights through Data Subject Access Requests (DSARs).
Minimize data collection and restrict usage purposes.
Implement risk assessments and adhere to cybersecurity standards.

Financial and reputational risks for a business:

Intentional violations: Fines up to $7,500 per impacted user.
Unintentional violations: Fines up to $2,500 per impacted user.
No more 30-day cure period under CPRA, unlike CCPA.
Risk of reputation damage and customer loss. 40% of consumers would switch brands after a negative privacy experience*

* source: Google/IPSOS

Learn more about CPRA

CPRA checklist

Download the CPRA checklist

Learn more

DSAR whitepaper

Why DSAR management is key for CPRA

Learn more

Latest webinars

Access our latest webinars on CPRA and other privacy topics

Learn more

What is the digital impact of CPRA?

CPRA - METRICS

Impact on analytics

If users opt out of your CPRA privacy notices, you cannot measure analytics performance (sessions/sales) or share data across your MarTech ecosystem.

Important: server-side tracking is not exempt. If users opt-out, you’ll need to calculate performance with data modelling.

CPRA - MARKETING

Impact on media performance

As a business, your ability to run remarketing audiences depends on users agreeing to your CPRA privacy notices and staying opted in to processing their personal data.

If users opt out, you cannot track conversions, resulting in lower in-platform performance and fewer data points for AI optimization.

If you are a site publisher, you won't be able to maximize advertising revenue if users opt out.

CPRA - UX

Impact on user experience

Mapping out the customer journey is much harder if users opt-out of CPRA notice.

Gaining user trust is the key, ensuring their choices are respected and giving them simple and transparent ways to access their data at all times.

Clear language, reliable technology and attractive interfaces help to avoid bounce (i.e., when users leave a website due to confusing or off-putting privacy notices).

Didomi helps you manage requirements
for CPRA and privacy laws worldwide.

ANY DEVICE, ANY ENVIRONMENT

Consent management

Ensure user choices and transparency in all countries and devices.

Create privacy notices that reflect your brand while easily managing your site vendors and purposes.

Generate proofs of consent in a few clicks, from a single source of truth.

Measure and optimize consent rates with advanced Analytics.

Detect, apply and respect Global Privacy Control (GPC).

DSAR MADE EASY

Streamlined fulfilment of Privacy Requests

No more manual handling of requests.

Intuitive processes that reassure website users and ease the burden on your own team.

Monitoring of key metrics to optimize your DSAR flow and improve spend per request and turnaround time.