California Consumer Privacy Act (CCPA) Compliance Program

VeraSafe’s privacy attorneys and advisors help you comply with America’s most complex privacy law.

America’s most rigorous privacy law came into effect on January 1, 2020. The CCPA imposes new compliance requirements on businesses that collect, use, and disclose personal information. Additionally, it creates broad new data privacy rights for California residents, making it necessary for enterprises that do business with California residents, regardless of the place of incorporation and physical establishment, to rethink their personal data processing practices.

Take the first step towards CCPA compliance today by contacting VeraSafe for a free consultation.

Thank You

Thank You!

We’ll be in contact shortly.

VeraSafe’s CCPA Compliance Program

Your CCPA compliance journey will be led by our knowledgeable in-house U.S. and European attorneys and consultants with hands-on experience in global privacy regulation (such as the GDPR), technologists, and experienced project managers. You’ll benefit from a wide breadth of experience and a genuinely cross-functional CCPA-consulting team.

VeraSafe will identify any potential gaps between your organization’s practices and the requirements of the CCPA, and then help you implement risk-based corrective actions. Our advice will be attuned to the budget, risk tolerance, and needs of your organization.

VeraSafe’s CCPA program includes:

Mapping of CCPA-Regulated Data Stores & Data Flows

VeraSafe will guide you through a discovery exercise to build an inventory of the Personal Information (“PI”) that your business collects, stores, and shares with others. Apart from being the basis of your entire CCPA compliance project (and other privacy laws, such as the GDPR), mapping your personal data promotes organizational hygiene, helps illuminate problematic practices and security risks, and uncovers operational inefficiencies.

Transparency Obligations

VeraSafe will review and revise your organization’s privacy policies, including client and employee facing privacy notices, or draft new privacy notices to comply with the CCPA.

Consumer Rights Implementation

Our experts will analyze each information system within the scope of your exposure to the CCPA and identify instances where changes need to be made to prepare to honor consumer rights requests such as those concerning the right to object to the sale of one’s information, the right to deletion, and the right to request information. Next, VeraSafe helps you mitigate all compliance gaps (from both a legal perspective and technical perspective) and design practical solutions to achieve compliance. VeraSafe will also review your websites and advise and assist you with the “Do not Sell My Information” requirement.

Negotiation of Vendor Agreements

VeraSafe can lead the successful renegotiation of contractual terms with your vendors, as required by the CCPA, in order to avoid the provision of personal information to those vendors being classified as a sale of such information (from which Californian consumers may opt-out). Further, VeraSafe will ensure that those vendors are obliged to assist you in satisfying your own CCPA obligations, where relevant.

Our mature vendor management methodology includes an internal database of key contacts and tried-and-true procedures used to negotiate with common vendors. VeraSafe is your ideal partner when it comes to vendor compliance.

Incident and Data Breach Response Planning

VeraSafe will help you to develop a rapid response plan for any potential incident, such as a data breach, that would allow California residents to exercise their private right of action (i.e., a lawsuit against your business for failure to comply with the CCPA). Infringements of the business’ duty to maintain reasonable security procedures and practices are subject to statutory penalties that range between USD$100 and USD$750 per incident (e.g., per record of breached data), additional actual damages, and injunctive relief.

IT Vulnerability Assessment and Penetration Testing

VeraSafe can simulate a real-world cyber-attack on your business, which can unlock vulnerabilities in your applications, networks, devices, and staff, with the objective of identifying weaknesses before hackers do. Click here for more information regarding our penetration testing services.

Privacy and Data Security e-Learning Personal Data Security Awareness and Training

VeraSafe provides a proprietary all-in-one privacy and security training program: PrivacyTrain. This integrated learning management system includes popular computer-based training content, which can be applied across your entire organization to reduce the risk of a devastating data breach caused by employee error. Detailed reporting helps you document and demonstrate compliance.

Key contacts

Matthew Joseph

Matthew Joseph


Managing Director

Jim Cormier

Jim Cormier


Senior Vice President and Head of Professional Services

Learn how VeraSafe can take on the challenge of CCPA implementation in your organization.

Why VeraSafe?

Track record of successful privacy engagements across industries.

Work directly with our in-house team of US and European privacy attorneys, IT experts, and project managers.

Strategic, risked-based approach to compliance.

Fully customizable project plan and templates, tailored to fit your needs.

Reasonable, flexible fee structure and fully customizable engagement scope.

Holistic approach: Our broad expertise ranges from privacy law to cybersecurity operations.