Privacy Platform for Colorado (CPA)
Colorado CPA commences July 1, 2023. Future-proof your company in an evolving US privacy landscape — with a privacy platform that scales to your compliance needs.
People demand control of their privacy rights. DataGrail powers the world's most trusted companies to understand and satisfy CPA requirements.
What is CPA?
Colorado's CPA is effective July 1, 2023.
The Colorado Privacy Act (CPA) provides comprehensive consumer privacy protections and expands consumer privacy rights for Colorado residents, including through opt-out preference signals.
Sharing commonalities with the CPRA and VCDPA, CPA establishes new, modernized definitions for personal data. It enshrines European-style necessity and proportionality principles, tackles data monetization through "sales" and targeted ads, and creates enforceable obligations -- notably conducting "genuine" privacy risk assessments.
Who does CPA apply to?
CPA applies when in the State you:
- Collect personal data from 100,000 Colorado residents; or
- Collect data from 25,000 Colorado residents and derive revenue from the sale of personal data.
- There is no annual revenue threshold or consideration for company size.
Some CPA obligations do not apply to B2B organizations. It also has numerous entity-level and data-level exemptions, notably for data subject to US federal laws such as GLBA, HIPAA and FCRA.
Operationalize CPA Compliance
Respect Personal Data Decisions
Data Subject Requests
Consumers have the right to ask businesses to access and delete their data. Automate the process for them to build brand trust and save your team’s time (and money).
Put the Power in Consumers' Hands
Opt-Out Support
Consumers are increasingly opting out of their data being “sold”, including for advertising purposes. Lead with respect and prevent their data from being sold, bartered, exchanged, or monetized.
Go Beyond the Template
Privacy Assessments
When it comes time to complete a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA), rely on a solution that leverages 1,800+ deep integrations to auto-populate responses.
Future-Proof Against Risk
Uphold Brand Trust
The legislative landscape around privacy is changing every day. DataGrail keeps request policies and functionality up-to-date to support compliance with international and US state privacy laws, and whatever comes next.
“DataGrail has supported and guided us through CCPA, CPRA, and GDPR compliance.””
How DataGrail Can Help with CPA
It's time to see what a Privacy Control Center can do for you.
CPA Requirements
Handle It with DataGrail
Get Up to Speed Fast on CPA
CPA Explained
Learn about the Colorado consumer privacy law, its requirements for businesses, and what this means in relation to the CCPA/CPRA and a holistic privacy management program.
'Do Not Sell' Compliance
The Californian right to opt-out of data "sales" has been adopted into other US State privacy laws, including CPA. CPRA co-author Rick Arney weighs in on the underlying issues affecting all US businesses.
Data Protection Impact Assessments
Learn what DPIAs are, what they require, and why they are an essential to your privacy management program.
“DataGrail helped us reduce compliance risk. Our adoption of DataGrail has only increased over time and it's great to have a knowledgeable partner as we look to the next year with CPRA going into effect.”
Mid-Market (51-1000 emp.)
Resources for every step
of your data privacy journey
Whether you're an expert or just starting out, join the privacy community for professionals who lead with trust.
Join the Community