CCPA / CPRA compliance for Quebec businesses
Certi360 helps Quebec SMBs meet the California Consumer Privacy Act (CCPA) and CPRA — privacy notices, consumer rights and security measures adapted to your reality.
Request a free assessmentDoes CCPA affect your Quebec business?
The California Consumer Privacy Act (CCPA), strengthened by the California Privacy Rights Act (CPRA), applies to businesses that collect personal information from California residents and exceed certain revenue or data volume thresholds. Many Quebec technology SMBs selling in the United States are affected without realizing it.
The framework grants California consumers concrete rights: access to their data, deletion, correction, opt-out of sale or sharing, and limitation of sensitive data use.
Pillars of our CCPA support
- Applicability assessment — verify whether your organization meets CCPA/CPRA thresholds.
- Data mapping — identify categories of information collected and flows to third parties.
- Privacy notice — drafting compliant with California requirements (notice at collection, privacy policy).
- Rights-request mechanisms — forms, 45-day response timelines and internal procedures.
- Third-party contracts — required clauses for service providers and subprocessors.
- Security measures — reasonable controls to protect personal information.
- Team training — awareness for marketing, sales and IT on CCPA obligations.
CCPA, GDPR and Bill 25: avoid triple documentation
All three frameworks share a common logic: transparency, individual rights and data security. Certi360 designs unified governance for Quebec SMBs active in Quebec, Europe and the United States — without writing the same policies three times.
Who is this service for?
SaaS vendors, e-commerce platforms, marketing agencies, technology firms and any Quebec organization that collects data from clients, prospects or users in California, or receives CCPA contractual requirements from American partners.
Frequently asked questions
- What is the CCPA?
- The California Consumer Privacy Act (CCPA), strengthened by the California Privacy Rights Act (CPRA), is California's law on consumer personal information. It grants rights of access, deletion, correction and opt-out of sale or sharing of data.
- Can a Quebec business be subject to the CCPA?
- Yes. If you collect data from California residents and exceed certain revenue or data volume thresholds, CCPA/CPRA applies — even from Quebec. SaaS SMBs and e-commerce businesses selling in the United States are often affected.
- What is the difference between the CCPA and the GDPR?
- The GDPR applies to EU residents; the CCPA to California residents. Both require transparency and individual rights, but applicability thresholds, definitions and compliance mechanisms differ. Certi360 designs a unified program to avoid triple documentation.
- How does Certi360 support CCPA compliance?
- We assess applicability, map your data flows, draft a compliant privacy notice, implement rights-request mechanisms and strengthen your security controls.
- Does the CCPA require certification?
- No. CCPA/CPRA requires documented practices and reasonable security measures. A structured approach (Bill 25, GDPR, ISO 27701) nonetheless simplifies California compliance and American clients' contractual requirements.