Skip to content

California and CCPA Compliance Advisory Services

Helping organizations navigate California privacy compliance. 

VeraSafe helps organizations navigate California’s privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the CCPA regulations, data broker laws, the California Invasion of Privacy Act (CIPA), the California Age-Appropriate Design Code (AADC), the California Customer Records Act, California data breach assessments, and more.  

Trusted by leading organizations worldwide:

PW_167x110
AC_262x110
BN_300x110
AE_300x110
VF_300x110
BG_300x110
WB2_143x110
FT_300x110
RB_300x110
NGS_226x110
AZ2_239x110
PS_112x110
SX3_344x110
DS_300x110
CS_136x110
PH_300x110
PT_300x110
AM_300x110
RR_300x110
AVE_197x110
PM_275x110
KF_300x110
QA_229x110
DRI_247x110
BL_120x110
GLY_300x110
NEX_240x110
KM2_300x110
PA_300x110
SA_257x110
TEX_300x110
WE_271x110
ZI_300x110
WM2_132x110
MM_259x110
SO_300x110
SEC_188x110
BC_300x110
EVE_300x110
PW_167x110
AC_262x110
BN_300x110
AE_300x110
VF_300x110
BG_300x110
WB2_143x110
FT_300x110
RB_300x110
NGS_226x110
AZ2_239x110
PS_112x110
SX3_344x110
DS_300x110
CS_136x110
PH_300x110
PT_300x110
AM_300x110
RR_300x110
AVE_197x110
PM_275x110
KF_300x110
QA_229x110
DRI_247x110
BL_120x110
GLY_300x110
NEX_240x110
KM2_300x110
PA_300x110
SA_257x110
TEX_300x110
WE_271x110
ZI_300x110
WM2_132x110
MM_259x110
SO_300x110
SEC_188x110
BC_300x110
EVE_300x110

CCPA Compliance Support

Our privacy attorneys and cybersecurity professionals provide hands-on support for all aspects of compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the implementing regulations. We can help determine whether your organization is subject to the CCPA, conduct a compliance gap analysis, and prepare a remediation roadmap. Related services include:
 

Data Mapping

We help identify, map, and document all personal information your organization collects, stores, or shares.

Privacy Notice & Transparency

We review and update your privacy notices to align with CCPA transparency requirements, including point-of-collection notice and mobile app disclosures.

Consumer Rights Implementation

We design and implement processes to honor consumer rights under the CCPA, including opt-out requests, Global Privacy Control implementation, authorized agent requests, requests to limit the use of sensitive data, and access, correction, and deletion requests.

Contract Support

We review and renegotiate vendor and third-party agreements to align with CCPA regulatory requirements and help avoid unwanted sales classifications while ensuring vendor cooperation.

Risk Assessments

We conduct and document mandatory privacy risk assessments for high‑risk processing activities, including sensitive personal information and ADMT uses, to meet CCPA regulatory requirements. 

ADMT Support

We help businesses that use automated decision‑making technologies provide required pre‑use notices, opt‑out options, and transparent explanations of how decisions are made. 

Cybersecurity Audit Readiness

We prepare your organization for independent cybersecurity audits, including program review, documentation, and certification support under the finalized California regulations. 

Sensitive Data

We can assess the extent to which your organization collects and processes sensitive personal information (which in California includes precise location and message content), and help manage specific obligations related to such data.

Staff Training

We deliver organization‑wide privacy and security awareness training to help reduce risk, improve compliance practices, and support CCPA workforce education requirements.

Schedule a Free Consultation

We'd love to learn more about your compliance needs. In this session, a member of our team will tell you more about our program, give you an opportunity to ask questions, and gather any information needed to provide you with a proposal.
Form-steps-verasafe-green-final-1
Wow Intro

The awesome title

Text modules don’t have to be simple, you can add personality to them without this being a problem.

All blocks are customizable, add, change and choose the best for your brand.

Link here
pexels-mikhail-nilov-8322997

Global Privacy Control (GPC) Compliance

GPC is a universal opt‑out signal that lets consumers stop the sale or sharing of their personal information automatically. Businesses subject to the CCPA that may engage in “selling” or “sharing”—such as through the use of online advertising technologies—must honor GPC signals as valid consumer requests and ensure their systems respond accordingly. 

How VeraSafe Can Help: 

  • Work with your web developers and vendors to implement reliable GPC recognition across digital properties. 
  • Test system functionality to ensure GPC signals are accurately detected and honored. 
  • Configure tag management or consent management tools to respond properly to GPC signals. 
  • Update privacy notices and disclosures to reflect support for GPC opt‑out requests. 
GPC
website-compliance

California Invasion of Privacy Act (CIPA) Compliance Support

Many businesses have received letters from plaintiffs’ attorneys threatening to sue or arbitrate theories related to CIPA. These theories typically focus on the use of website technologies, such as session replay, chatbots, online advertising tools, and cookie banners.  

How VeraSafe Can Help: 

  • Help assess your CIPA risk by examining your website technologies and current cookie banner implementation. 
  • Recommend options to meet your business’s technological, marketing, and growth objectives while calibrating and balancing CIPA risk and compliance. 
  • Respond to and resolve demand letters from plaintiffs’ attorneys related to alleged CIPA noncompliance. 

Additional California Privacy Support

The privacy law landscape in California grows increasingly complex each year. VeraSafe can identify and support with additional compliance obligations that may be applicable to your businesses, including: 

Rules applicable to children and teenagers, including compliance with the California Age-Appropriate Design Code (AADC)

Data broker registration, legal requirements, and Delete Request and Opt-Out Platform (DROP) compliance 

California Customer Records Act (aka “Shine the Light”) consumer requests related to marketing disclosures 

Data breach assessments, including reporting obligations 

Why Choose VeraSafe?

End-to-End Support


From initial risk assessments to ongoing program management, we guide your team through California privacy compliance.

Trusted U.S. Privacy Advisor

We have extensive experience advising organizations of all sizes on state-specific privacy laws and practical implementation strategies.

Technical Fluency


Our team has deep experience integrating Global Privacy Control (GPC) with consent platforms, tag managers, and tracking systems.

Global Perspective


While supporting on California privacy law compliance, we can also help guide your business towards a compliance posture that satisfies other major privacy regimes.

Experienced Team

Our more than 60 team members include American and European attorneys, compliance professionals, and IT security experts with in-depth knowledge of U.S. privacy laws. Our ranks include former regulators and Vault Law 100 attorneys, Certified Information Privacy Professionals (CIPP), Certified Information Systems Auditors (CISA), and alumni of Big 4 professional service firms.

Jim Cormier, Partner

Jim Cormier
Sr. VP and Head of Professional Services
CIPP/E, CIPM, FIP

Isabel Fernandez 500x500

Kellie Isabel Fernández Del Campo Aguiló
Senior Privacy Advisor
CIPP/E, CIPP/US, CIPM, CIPT, FIP

VeraSafe - Professional Portrait - Joe-Hansen-500x500

Joe Hansen
Partner
CIPP/US, CIPP/E

Zia-Maharaj-500x500

Zia Maharaj
Partner
CIPP/E, CIPP/US, CIPM, FIP, GCP for Clinical Trials (ICH Focus)

Frequently Asked Questions

Which businesses are affected by Global Privacy Control (GPC)?
What are the new CCPA cybersecurity audit requirements?
What are the new CCPA risk assessment requirements?
What are the ADMT requirements under the updated CCPA regulations?
When do businesses need to comply with the new cybersecurity audit, risk assessment, and ADMT requirements?