CPRA compliance
CPRA compliance
Get ready for the California Privacy Rights Act (CPRA)
What to expect
July 2023: CPRA enforcement begins
California consumers have new rights:
- Refuse the sale or sharing of their data, with mandatory opt-in for sensitive information.
- Request corrections or deletion of their data, with businesses responsible for notifying third parties.
- Inquire about data retention durations and the criteria for these periods.
- Decline the use of automated decision-making and profiling by businesses.
As a business, you have new obligations:
- Display a privacy notice about personal information collection.
- Facilitate user rights through Data Subject Access Requests (DSARs).
- Minimize data collection and restrict usage purposes.
- Implement risk assessments and adhere to cybersecurity standards.
Financial and reputational risks for a business:
- Intentional violations: Fines up to $7,500 per impacted user.
- Unintentional violations: Fines up to $2,500 per impacted user.
- No more 30-day cure period under CPRA, unlike CCPA.
- Risk of reputation damage and customer loss. 40% of consumers would switch brands after a negative privacy experience*
* source: Google/IPSOS
Learn more about CPRA
What is the digital impact of CPRA?
CPRA - METRICS
Impact on analytics
If users opt out of your CPRA privacy notices, you cannot measure analytics performance (sessions/sales) or share data across your MarTech ecosystem.
Important: server-side tracking is not exempt. If users opt-out, you’ll need to calculate performance with data modelling.
CPRA - MARKETING
Impact on media performance
As a business, your ability to run remarketing audiences depends on users agreeing to your CPRA privacy notices and staying opted in to processing their personal data.
If users opt out, you cannot track conversions, resulting in lower in-platform performance and fewer data points for AI optimization.
If you are a site publisher, you won't be able to maximize advertising revenue if users opt out.
CPRA - UX
Impact on user experience
Mapping out the customer journey is much harder if users opt-out of CPRA notice.
Gaining user trust is the key, ensuring their choices are respected and giving them simple and transparent ways to access their data at all times.
Clear language, reliable technology and attractive interfaces help to avoid bounce (i.e., when users leave a website due to confusing or off-putting privacy notices).
Didomi helps you manage requirements
for CPRA and privacy laws worldwide.
ANY DEVICE, ANY ENVIRONMENT
Consent management
Ensure user choices and transparency in all countries and devices.
Create privacy notices that reflect your brand while easily managing your site vendors and purposes.
Generate proofs of consent in a few clicks, from a single source of truth.
Measure and optimize consent rates with advanced Analytics.
Detect, apply and respect Global Privacy Control (GPC).
DSAR MADE EASY
Streamlined fulfilment of Privacy Requests
No more manual handling of requests.
Intuitive processes that reassure website users and ease the burden on your own team.
Monitoring of key metrics to optimize your DSAR flow and improve spend per request and turnaround time.