The California consumer privacy law that introduced the right to delete, opt-out of sale/share, and limit use of sensitive personal information.
Businesses doing business in California meeting one of three thresholds (revenue, volume, or revenue share from data sales).
Continuous evidence pipeline available; audit support included for all customers.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Right to know, delete, correct, opt-out of sale/share, and limit use of sensitive personal information.
Conspicuous "Do Not Sell or Share My Personal Information" link.
Annual cybersecurity audit and risk assessment for businesses processing large volumes of personal information (CPPA regulations).
Service provider / contractor contractual safeguards including no further use of personal information.
Data minimisation and purpose limitation per CCPA §1798.100.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Data Subject Access Request (DSAR) workflow with 45-day clock and verification gates.
Data inventory and PII discovery across configured cloud and SaaS systems.
Cybersecurity audit and risk assessment template aligned to draft CPPA regulations.
Contractor/service-provider registry with contract metadata.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
DSAR ledger with timing, scope, and resolution status.
Annual cybersecurity audit report (CPPA-aligned).
Risk assessment per CPPA draft regulations.
Data inventory and category-of-recipient register.
These frameworks share substantial control overlap with CCPA / CPRA. Customers running one assessment typically satisfy the others with the same evidence base.
European Union
The EU's General Data Protection Regulation — the global gravity well of privacy law since 2018.
North America
The California consumer privacy law that introduced the right to delete, opt-out of sale/share, and limit use of sensitive personal information.
North America
Canada's federal personal information protection law for commercial activity.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.