The California Privacy Rights and Enforcement Act (CPRA) is a law that was passed on November 4, 2020. The CPRA brings about changes to the prior law on privacy and data protection in California, the California Consumer Privacy Act (CCPA). These changes will come into effect on January 1, 2023.

What is CCPA?

The California Consumer Protection Act (CCPA) is a law that protects consumers’ privacy rights and promotes consumer protection for citizens of California in the United States. Consumers have various rights under the CCPA regulations governing the use, sale or sharing of their personal data, with other organisations. It came into effect on January 1, 2020.

Rights under CCPA enjoyed by Consumers/ California Residents :


Failure to comply with CCPA shall invite a fine of 7500$ per violation for businesses, and 750$ per affected person.

What is CPRA?

CPRA applies to California businesses that make a profit of more than $25 million yearly and collect, utilise, and distribute personal information about California residents.

The CPRA aims to supplement, upgrade and build upon the CCPA and shall replace it when it takes full effect from July, 2023. It covers under its ambit, the information collected during the course of January 1, 2022, to July 1, 2023.

Is applicable to business that deals with the information of at least 100,000 California residents. On the lines of GDPR, it isn’t necessary for the business to be located in California, if the business as much as interacts with the residents of California, it shall be subject to its compliance.


Monetary penalties to the tune of 10 million $ or 3%, of the gross global revenue of an organisation, whichever higher, are imposed for violating the CPPA provisions.

How our privacy team can help

At Tsaaro’s, our privacy team comprises of experienced lawyers and InfoSec professionals. Together we ensure that your organisation is compliant with all regulatory requirements along with best possible technical and infrastructural solutions. We provide personalised plans to our customers to inculcate data protection by design and by default in their processes in a cost efficient manner.