CCPA Data Mapping: Steps for Becoming CCPA Compliant

In this increasingly computerized and digital world that we live in, the protection of a user’s data has become very important. There have been calls for regulations and provisions to be set up, controlling how consumer data is collected, stored, and processed. The General Data Protection Regulation (GDPR) is one of the most important laws affecting businesses on a global scale.   

However, for a more localized context, specifically the state of California, we have the California Consumer Privacy Act (CCPA). The statute not only applies to businesses that are located in California but also to those that don’t have a physical address in the state. As long as your company/ brand does business in California, you will need to ensure you comply with its provisions.

One such requirement is data mapping. This article seeks to advise entities and brands on how to approach the issue and get compliant with CCPA regulations.

Getting started with Data Mapping

To put it across simply, data mapping involves the matching of data fields from one source to the fields of another. In terms of the collection of information and other personally identifiable information (PII), you will be able to match the data collected to the individual. So who are you collecting from? While this might be a complex question, allow us to give you a small list of the most common consumer groups: customers, website guests, employees, job seekers, and email newsletter subscribers.

Data mapping is a vital step in compliance with CCPA regulations. As you prepare to map out your data or engage a certified and experienced professional, consider the following information:

  • What type of personal information does the company need to collect? To get your website CCPA compliant, you are going to need to know from whom you are collecting information and the type of personal information collected;
  • How will you collect and store the information?
  • Are there third-party entities that you share PII with?
  • Are other parties CCPA compliant? Or working towards it?

One error that companies make in the above assessment is to only consider physical storage of PII, such as databases and files servers. Unknowingly, companies can be sharing and storing PII on email, workstations, and cloud storage service providers.

Private Notices

An important thing to data mapping is privacy notices. Privacy notices must go hand in hand with the map created for your data. This is because it is within the privacy notice that you will communicate the collection and use of PPI in a simple and plain language. This should also be in adherence to the Web Content Accessibility Guidelines 2.1 (WCAG). 


Being CCPA compliant is no longer just an optional task for your organization’s website. You need to start from the ground up clearing up any loopholes that may have you paying considerable fines or finding yourself in a court of law.

Consider calling upon an experienced and reputable data mapping professional who can streamline all your needs.