CPRAFree Resource

California Privacy Rights Act Timeline and Implementation Guide

Convert CPRA duties into an operating model for correction rights, SPI controls, service provider and contractor governance, and the California rules effective January 1, 2026.

CPRA generally applies to for-profit businesses that do business in California and meet at least one threshold: annual gross revenues over $25 million, buying/selling/sharing the personal information of 100,000 or more consumers or households, or deriving 50 percent or more of annual revenues from selling or sharing personal information. Grounded in the current California statute, CPPA regulations, and CPPA rulemaking updates. This is implementation guidance, supporting implementation planning and should be validated against jurisdiction-specific legal, contractual, and policy requirements before implementation.

Get a CPRA readiness review
Publication details
Editorial metadata for this artifact
Author
Sorena AI
Published
Feb 22, 2026
Updated
Feb 22, 2026
What teams can decide faster under CPRA
What CPRA changed
Map correction, sharing, SPI limitation, and contractor rules into policy and system updates.
How to handle CPRA sensitive personal information (SPI)
Classify SPI, decide if the right to limit applies, and propagate limitation instructions.
How to prepare for 2026 CPRA rule changes
Track risk assessment, cybersecurity audit, ADMT, and data broker obligations where applicable.
By Sorena AIUpdated 2026No signup required
CPRA quick scan
CPRA
CPRA applicability scope
Validate threshold and role applicability with evidence.
CPRA workflow operations
Run rights workflows, disclosures, and opt-out signal handling.
CPRA enforcement readiness
Manage risk assessment, cybersecurity audit, and enforcement readiness.
Use linked subpages to implement each CPRA workstream with technical and governance depth.
CPPA
Regulator
SPI
Control focus
GPC
Signal support
Data broker registry
Broker context
SPI-ready
Rights-ready
Audit-ready
CPRA Timeline

Key milestones for California privacy operations

Track statutory, regulatory, and enforcement developments that influence CPRA implementation sequencing and risk posture.

Loading timeline...

Topic guides

Deep dive pages for implementation planning, controls, reporting, and evidence.

1
California CPRA Checklist
Practical guidance for the California CPRA checklist, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
2
California CPRA FAQ
Practical California CPRA FAQ guidance with implementation decisions, evidence, edge cases, and official California source citations.
Read Guide
3
California CPRA penalties and fines Guide
US CPRA guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
4
California CPRA Requirements Guide
Practical guidance for California CPRA requirements, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
5
California CPRA Risk Assessments, Cybersecurity Audits, and ADMT Guide
California CPRA guidance for risk assessments, cybersecurity audits, and ADMT, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
6
California Data Broker Deletion Workflow Guide
California Delete Act and CPRA-adjacent guidance for data broker deletion workflows, with practical decisions, evidence, edge cases, and official citations.
Read Guide
7
California Data Broker Registry and DROP Guide
California Delete Act guide to the Data Broker Registry and DROP, with practical decisions, evidence, edge cases, and official source citations.
Read Guide
8
US CPRA Applicability Test Guide
Practical guidance for the US CPRA applicability test, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
9
US CPRA CCPA vs CPRA Guide
US CPRA guidance for CCPA vs CPRA, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
10
US CPRA Compliance Guide
Practical guidance for the US CPRA compliance, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
11
US CPRA Consumer Rights Workflow Guide
US CPRA guidance for Consumer Rights Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
12
US CPRA Contract Terms Guide
US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
13
US CPRA Contracts Contractors And Service Providers Guide
US CPRA guidance for Contracts Contractors And Service Providers, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
14
US CPRA Correction Rights Guide
US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
15
US CPRA Cppa Regulations Tracker Guide
US CPRA guidance for Cppa Regulations Tracker, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
16
US CPRA Cyber Audit Readiness Workflow Guide
US CPRA guidance for Cyber Audit Readiness Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
17
US CPRA Deadlines and Compliance Calendar Guide
US CPRA guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
18
US CPRA DSAR And Correction Workflow Guide
US CPRA guidance for DSAR And Correction Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
19
US CPRA GPC Handling Guide
US CPRA guidance for GPC Handling, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
20
US CPRA GPC Handling Workflow Guide
US CPRA guidance for GPC Handling Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
21
US CPRA Retention Guide
US CPRA guidance for Retention, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
22
US CPRA Risk Assessment Intake Workflow Guide
US CPRA guidance for Risk Assessment Intake Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
23
US CPRA Risk Assessment Template Guide
US CPRA guidance for CPRA Risk Assessment Template, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
24
US CPRA Risk Assessments And Cybersecurity Audits Guide
US CPRA guidance for Risk Assessments And Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
25
US CPRA Sensitive Personal Information Guide
US CPRA guidance for Sensitive Personal Information, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
26
US CPRA Sensitive Personal Information Limits Guide
US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
27
US CPRA Sharing and Cross-Context Behavioral Advertising Guide
US CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
28
US CPRA vs Colorado Privacy Act Guide
US CPRA guidance for CPRA vs Colorado Privacy Act, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
29
US CPRA vs Virginia Vcdpa Guide
US CPRA guidance for CPRA vs Virginia Vcdpa, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
Next step

Turn CPRA scope checks and implementation questions into a cited research workflow

California Privacy Rights Act Timeline and Implementation Guide should be the shared entry point for your team. Route execution into Research Copilot for live work and into SSOT when the artifact needs deeper research, evidence governance, or supporting analysis.

What this unlocks
  • Start from California Privacy Rights Act Timeline and Implementation Guide and route the work by entity, product, team, or control owner.
  • Use Research Copilot to answer scope, timing, and interpretation questions with cited outputs.
  • Use SSOT to keep documents, evidence, and control records in one governed system.
  • Move from artifact reading to accountable execution without rebuilding the guidance in separate files.
Recommended route
Open Research Copilot
Answer scope, timing, and interpretation questions with cited outputs for California Privacy Rights Act Timeline and Implementation Guide.
Supporting route
Open single source of truth
Keep documents, evidence, and control records in one governed system from the same artifact.
Talk to Sorena
Talk through California Privacy Rights Act Timeline and Implementation Guide
Review your current process, evidence model, and next implementation steps.
Discuss your setup
US CPRA compliance artifact preview
Share it internally
Download the timeline export to align legal, product, engineering, and commercial teams on milestones and deadlines.