CCPA Explained

CCPA takes a broader view of personal data

The California Consumer Privacy Act (CCPA) came into effect on 1 January 2020. It brings compliance obligations for most businesses that collect personal information about California residents.


The reach of the CCPA goes beyond California and the US; it may apply to businesses based in the UK depending on the level of interaction with California residents and their personal information. UK-based businesses should understand the CCPA exposure risk, since the compliance requirements differ in some material ways from GDPR and the UK DPA.

CCPA top RH image

Who does it apply to?

The CCPA applies to for-profit legal entities (or sole proprietorships) that a) do business in the State of California; b) Collect personal information of California consumers or c) determine the purpose and means of processing California consumers' personal information;

and either; 1) have annual gross revenues in excess of $25 million; 2) buy, sell, receive, or share for commercial purposes the personal information of at least 50,000 California consumers, devices or households, on an annual basis; or 3) derive at least 50% of annual revenues from selling the personal information of California consumers.

As the CCPA applies to for-profit entities that "do business" in the State of California, the CCPA has extraterritorial reach. It can apply to businesses located outside of California, and outside of the US, that satisfy the criteria set out above.

CCPA image2

Get in touch today

Finding this hard to understand? Then get in touch and let us help you secure your data to help comply with CCPA.

Get in touch today

Time to find out more


As with any data security regulation there are specific requirements that businesses will have to meet. We don’t seek to cover all these here, only to give you the top line about regulations that can impact your contact centre services.


The CCPA aims to give the people of California the same protections as EU residents have under the General Data Protection Regulation. It's one of the most wide-reaching data protection laws in the United States and it's extremely important that you understand how to comply with it.


For more detailed information please consult The State of California Department of Justice.

laptop with headset

Get in touch today

Finding this hard to understand? Then get in touch and let us help you secure your data to help comply with MiFID II and PCI DSS.

Get in touch today