This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Privacy Platform for California Privacy Rights Act (CPRA)

CPRA changes are effective January 1, 2023. Align your data privacy program and future-proof your company for an evolving U.S. privacy landscape — with a privacy platform that builds trust and eliminates risk.

California consumer protection act, California privacy rights act on Map of California

It's time to uphold people's privacy rights. DataGrail powers the world's most trusted companies to understand and satisfy CCPA/CPRA requirements.

What is California Privacy Rights Act (CPRA)?

CPRA is effective January 1, 2023.

The California Privacy Rights Act is legislation that updates, expands, and amends 2018’s California Consumer Privacy Act (CCPA). It includes employees, contractors, and business contacts as “consumers” (data subjects), creates new obligations for handling "sensitive personal information," and grants all Californians strengthened rights over their personal data.

It also introduces GDPR-style data minimization, use limitation, and risk mitigation obligations.

Who does CPRA apply to?

CPRA applies if you have:

  1. More than $25M in annual gross revenue (revenue generated anywhere, not just California).
  2. More than 100K consumers, households, or devices in your database (under CCPA it was <50K).
  3. At least half yearly income from selling or exchanging personal information about customers.

Make CPRA Your Differentiator

Respect Personal Data Decisions

Data Subject Requests

Employees and consumers alike have the right to ask businesses to access and delete their data. Automate the process for them to build brand trust and save your team’s time.


Put the Power in Consumers' Hands

Opt-Out Support

Consumers are increasingly opting out of their data being shared for advertising purposes. Lead with respect and prevent their data from being sold, bartered, exchanged, or monetized.


Go Beyond the Template

Privacy Assessments

When it comes time to complete a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA), rely on a solution that leverages 1,700+ deep integrations to auto-populate responses.


Future-Proof Against Risk

Uphold Brand Trust

The legislative landscape around privacy is changing every day. DataGrail keeps request policies and functionality up-to-date to support compliance with CPRA, GDPR, and whatever comes next.


"DataGrail is a trusted partner in helping us become much more efficient in honoring our customers’ privacy rights."

Ben Casady

Director of Privacy Compliance

How DataGrail Can Help

It's time to see what a Privacy Control Center can do for you.

CPRA Requirements

Handle It with DataGrail

Centralize privacy requests (DSRs) like Access, Deletion, Portability and others

Request Manager

Branded intake forms, Operations Dashboard, search and filters

Verify requestor identity, proportionally

Request Manager

Smart Verification™ using pre-existing data with Authorized Agent support

Fulfill DSRs safely, collaboratively and on time

Request Manager

Customizable SLAs and workflows, authorized handoffs and alerts

Honor Do Not Sell or Share opt-out requests

Request Manager

Multichannel handling with GPC opt-out signal recognition

Document your data and processing purposes

Live Data Map

Auto-detect systems and personal data types, generate dynamic RoPAs

Maintain data maps and processing records

Live Data Map

Proprietary taxonomy and exports driving standardized summaries

Conduct Data Protection / Privacy Impact Assessments

Risk Monitor: Assessments

Assess vendors and high-risk processing activities at scale

Take holistic stock of your privacy footprint

Integration Network

Tight integrations with 1,800+ apps and platforms, from salestech to HRIS

Focus your internal teams on their most strategic work

Managed Services

Access to a dedicated privacy manager who helps build a scalable program and manage DSR processes

Get Up to Speed Fast on CPRA


Official Guide to CCPA

In this guide, we unpack the most important CCPA updates to explore how you can best prepare your privacy and data protection program.

Read the Guide

5 Things to Know: CPRA, Cookies and Consent

As of Jan. 1, 2023 businesses must give Californians a clear opt-out option when asking to “share” their data with adtech companies and related analytics providers, with few legal exceptions.

Read the Guide

CISOs Guide to CPRA

Big changes come into play with CPRA. Learn what the top big changes are, and how to modify your privacy program to stay in privacy compliance and reduce risk.

Read The Guide

CPRA Compliance

Learn how to establish data privacy protections, when your organization needs to be ready, and what CPRA requirements entail.

Get the Checklist

CPRA and Employee Rights

Starting January 1st, 2023, Californian employees gain privacy rights. DataGrail's guide untangles how this new regulations impacts your business, and how to prepare.

Read the Guide

"DataGrail helped us reduce compliance risk. Our adoption of DataGrail has only increased over time and it's great to have a knowledgeable partner as we look to the next year with CPRA going into effect."

Verified User in Software

Mid-Market (51-1000 emp.)

Resources for every step
of your data privacy journey

The CISO’s Guide to CPRA
Learn More
Meet DataGrail: On-Demand
Learn More
Data Privacy Solution Buyer’s Guide
Learn More
Curious about how it all works?
Learn more about the DataGrail Platform

Whether you're an expert or just starting out, join the privacy community for professionals who lead with trust.

Learn More