CCPA Compliance Checklist: Three Week Countdown – Maintaining Records of Consent

The California Consumer Privacy Act (CCPA) is less than three weeks away from going into effect, and we’re getting prepared with our CCPA Compliance Checklist blog series. Last week, we discussed how it’s important to create a toll-free number for consumers to make data requests over the phone. This week, we’ll cover the importance of maintaining detailed, ongoing records of consent to demonstrate full compliance.

CCPA Compliance Checklist

1. Understand what the CCPA is and if it applies to you
2. Determine what data is collected from California consumers and for what purposes they are used
3. Inform visitors what personal information is collected when visiting your website
4. Offer an online form for consumers to access, request deletion, or opt-out of sales of their personal information  
5. Add a “Do Not Sell My Personal Information” link to our website’s homepage and any page that collects personal data
6. Create a toll-free number for consumers to make consumer rights’ requests over the phone
7. Maintain detailed, ongoing consent records for compliance   
8. Develop a process to respond to consumer requests within 45 days from when the request was made  
9. Obtain opt-in consent from children between ages 13-16 to sell their information; a parent or legal guardian required to opt-in on behalf of children under 13 years old  
10. Provide consumers who exercise their privacy rights the same products and service quality

Respond to Consumer Requests

The CookiePro Consumer and Data Subject Rights Management solution enables organizations to automate task delegation throughout the fulfillment process, validate identities, streamline the data collection process, offer a secure two-way communication portal, and maintain adequate records of communication to demonstrate compliance.

By leveraging intake templates and automated workflows, businesses are able to direct the fulfillment process, assure proper fulfillment, and improve fulfillment times with the ability to scale their program when an influx of requests is received.

Automate Fulfillment

• Fully automate any manual tasks involved in fulfilling consumer rights requests
• Find and retrieve consumers’ data across cloud-based and on-premise systems to assist in fulfilling requests
• Integrate with common business apps, such as CRMs, Marketing Automation, CASBs, CMDBs, and more

Response Templates

• Leverage built-in CCPA response templates and track against the 45-day response window
• Enable and track 90-day extensions as well as communicate extension requests to consumers
• Monitor for excessive requests with the ability to limit consumers to two requests within a 12-month period

Tracking and Reporting

• Maintain a complete record of data subject request activities to demonstrate compliance with data protection regulations. Capture data subject contact information, details of the request, when and how the request was completed, as well as your response to the request.
• View the complete lifecycle of a request, including auditable details of every data subject interaction. Generate a full audit report of each data subject request.