Comply with the California Consumer Privacy Act of 2018 (CCPA) using Alyne

In June 2018, California enacted the California Consumer Privacy Act (CCPA). It is one of the broadest and most comprehensive privacy laws in the United States to date. This bill is introduced to enhance privacy rights and consumer protection for residents of California. The bill was passed on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. The CCPA becomes effective on January 1, 2020.

With its extensive set of controls around data protection and privacy, Alyne provides comprehensive coverage of CCPA. Organisations can leverage Alyne’s Control Set created exclusively around CCPA to comply with, identify existing gaps and follow a best practice approach.

Your Mission Control for navigating the Cyber, Risk & Compliance space


Entities which need to comply

The CCPA applies to any for-profit entity that:

 (i) does business in California

(ii) collects personal information of California residents (or has such information collected on its behalf)

(iii) determines on its own or jointly with others the purpose and means of processing that information

(iv) meets one or more of the following criteria:

  • Has annual gross revenues in excess of $25 million, adjusted for inflation
  • Annually buys, receives for a commercial purpose, sells or shares the personal information of 50,000 or more consumers, households or devices
  • Or derives 50 percent or more of its annual revenues from selling consumers’ personal information.

Alyne CCPA Features

To comply with CCPA, organizations could leverage Alyne's developing CCPA capability by:

Use the custom control set exclusively created around CCPA to set controls

Send out assessments to relevant stakeholders to analyze the current state of compliance

Create and analyze risk reports to find out potential gaps and risks in the related areas

CCPA Control Set


Detailed Risk Insight

Register potential risks and set up mitigation tasks to comply with the CCPA

Register Risks

Users can opt for the out-of the box predefined controls from Alyne library around CCPA as Mitigation Tasks or customise the tasks based on requirements

A business must disclose the personal information collected, sold, or disclosed for a business purpose about a consumer.


A business that collects a consumer's personal information must, at or before the point of collection, inform the consumer as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. A business must disclose and deliver the personal information the business collected about the consumer in response to a verifiable consumer request.


A business must delete the personal information the business collected about a consumer and direct service providers to delete the consumer's personal information in response to a verifiable consumer request, subject to certain exceptions.


A business must not discriminate against a consumer who exercises any of the consumer's rights under the CCPA.


A business that sells consumers' personal information to third parties needs to provide notice to consumers thereof and that consumers have the right to opt out of the sale of their personal information. A business must provide a "Do Not Sell My Personal Information" link on its Internet homepage that links to an Internet webpage that enables a consumer to opt out of the sale of the consumer's personal information.


A business must describe in its online privacy policy or in any California-specific description of consumer privacy rights the following, which must be updated at least once every 12 months.


Consumer Rights under the CCPA

Sign up for more

Fill in your details below and a member of our team will be in touch to tell you more about Alyne's CCPA capabilities.

Visit our website for Alyne's full capabilities


Copyright @ Alyne 2019 All Rights Reserved