Experts on CPRA compliance at TerraTrue

February 22, 2022

Get ready for the CPRA with TerraTrue’s new module


The California Privacy Rights Act may be the most exacting cross-sectoral privacy law ever passed in the United States. By July 1st, 2023, virtually every company doing business with Californians will need sweeping privacy controls throughout their company and their vendor ecosystem. Getting ready in time requires the right technology to analyze your tech stack and business processes, and the right support to chart the most efficient, cost-effective course to full compliance.

TerraTrue’s new CPRA module combines the technology, support, and guidance you need in one powerful tool, from documenting your privacy practices to identifying and implementing needed changes.

What’s so challenging about the CPRA?

Gap analysis is a huge time suck

Even if your privacy program is already fully compliant with the CCPA, the changes imposed by the incoming CPRA pose a substantial challenge for your business. Not only does the CPRA grant a number of new privacy rights, it also expands on the consumer rights already granted by the CCPA, and extends protections to employees and contractors who work in California.

The CPRA also encompasses new data types and uses. The information stored in your CRM, for instance, is now subject to regulation, creating new requirements for how you collect, store, and manage data from employees, vendors, and third-party partners.

Efficient, well-staffed privacy teams are finding these changes overwhelming, and the path to compliance feels riddled with lose-lose choices. Should you meet the CPRA’s new B2B requirements by building an entirely new system for business stakeholders, or modify what you’ve already built to cover non-consumers? Should you hire more privacy professionals at a substantial cost, or risk the fines and penalties that non-compliance might bring?

Taking an ad-hoc, mechanical approach to closing the gap between your current privacy practices and the new requirements of the CPRA will be slow and costly — and it doesn’t guarantee that your business will be prepared for any downstream changes to the law.

CPPA says changes from CCPA to CPRA are TBD

A surprising amount of the CPRA is still being written. When the law was passed, a number of key provisions were left in the hands of a new rulemaking body, the Consumer Privacy Protection Agency (CPPA).

For example, the CPRA says companies doing business in California must have annual cybersecurity audits and regularly submit risk assessments to the CPPA. But it doesn’t say what the requirements for those audits and assessments will be. These and many other critical details will remain unclear until the CPPA issues its regulations, which are due by July 1st, 2022. That timeline leaves you only 6 months to prepare your privacy program before the CPRA goes into effect on January 1, 2023.

Even after this date, the CPPA will continue to issue new regulations and fine-tune existing ones. You’ll need to continually adjust your privacy strategy in response to court and regulatory enforcement decisions — often with short notice. Put another way, compliance is becoming an ongoing, perpetually evolving process. For companies using manual compliance approaches, the unpredictable work, costs, and regulatory risks quickly add up.

How does TerraTrue’s CPRA module help you get compliant?

TerraTrue’s CPRA module turbocharges your privacy team’s impact and ability to scale privacy reviews across your org.

TerraTrue automates gap analysis

TerraTrue saves you from the slow, inefficient, and error-prone process of manual gap analysis. Without it, you’ll have to dig through old privacy reviews by hand, examine them individually, and cross-check their privacy practices with the CPRA’s new requirements. Even at smaller organizations, a full gap analysis can sprawl across thousands of pages of documentation that must be mapped and tracked across all your databases and tools.

TerraTrue’s CPRA module automates most of this work. Documenting your existing data protocols is quick and foolproof, taking just a few minutes for each privacy review. Then the software automatically scans your entire privacy program and creates a prioritized list of recommendations — your path to CPRA compliance.

Run privacy reviews that learn as you go

TerraTrue gets smarter the more you use it, so completing privacy reviews for new products, features, and business initiatives gets simpler and more efficient over time. Does your business work with sensitive data types like Social Security numbers or personal identifiers? Do you require users to create online accounts? Does your HR department retain contact information for job applicants or past employees? We learn about your privacy practices every time a privacy review is completed — meaning our recommendations get better and your reviews get simpler.

Get real-time guidance on shifting regulations

TerraTrue helps you stay on top of regulatory changes as they happen. Our CPRA module is designed to account for incoming CPPA regulations, court decisions, and enforcement interpretations, so you can stay up to date without getting bogged down in research. That means you get the confidence of expert guidance without spending huge amounts of time and money deciphering and interpreting new rules.

CPRA compliance, made stress-free

As CPRA enforcement gets closer, a lot of companies will be panicking. You don’t have to be one of them. With TerraTrue, July 1st, 2023 can be just another day.