CCPA / CPRA

Required for companies meeting California's applicability thresholds. Penalties raised in 2025 to $7,988 per consumer (intentional), no cap on total. Significant policy overlap with GDPR, efficient add-on.

Schedule a scoping call →

Related frameworks

CCPA is almost always paired with GDPR.

If you have California consumers you usually have EU users too. A single privacy program covers both with ~70% shared infrastructure, plus state-specific opt-out mechanics.

CCPA / CPRA

California consumer privacy

GDPR

70% overlap

SOC 2

Security baseline

Colorado CPA

Same privacy stack

Virginia CDPA

Same privacy stack

CPPA rulemaking

Ongoing enforcement

Compare these frameworks side-by-side →