Processes to support the following verified/authentication consumer requests are:
List of all stored PII for an individual
Option to delete all personal information
Opt-out for any selling of that information
Requests for lists or deletion of a consumer's information have to be processed within 45 business days. Should the consumer not complete necessary verification steps before the 45 day period, it can be denied. If the business cannot comply within the same period, it can be extended another 45 days so long as the consumer is notified as to the reason for the delay.
From a Salesforce Administrators point of view, what CCPA calls ‘Consumer Requests’ translate to components within Consent or Preference Management. The legislation calls these Subject Access Requests (SAR). It’s similar to Data Subject Access Requests (DSAR) for GDPR.
Personal Inventory Solutions
Manual: Locate all customer data using flows or APEX to find records that contain personal data.
Deletion Request Solutions
Manual: Locate all customer data using flows or APEX to find records that require deletion.
Opt Out Solutions
Manual: Report export or use APEX to create the appropriate report.