How to Check the CA DROP Portal: A Step-by-Step Guide for Businesses
Accessing the DROP Portal for the First Time
The DROP portal is operated by the California Privacy Protection Agency through the CalPrivacy platform. After completing your data broker registration, you will receive credentials to access the business side of the portal. Log in at the designated CalPrivacy URL using the credentials provided during your registration confirmation. The portal interface shows your pending deletion and opt-out requests organized by date received.
Downloading Your Deletion Request CSV
Once logged in, navigate to the Pending Requests section. The portal provides a CSV export feature that downloads all new consumer requests since your last retrieval. Save this file using a consistent naming convention such as DROP_export_YYYY-MM-DD.csv for easy tracking. The CSV includes the request ID, consumer identifying information (name, email, phone), request type (deletion or opt-out), and the date the request was received. This file is the starting point for your 45-day compliance cycle.
Understanding Request Types
The DROP portal processes two types of consumer requests. Deletion requests require you to completely remove the consumer's personal information from all your active systems. Opt-out requests require you to stop selling or sharing the consumer's data with third parties but do not necessarily require full deletion. Both types must be processed within the 45-day window and reported back to the portal with their final status.
Reporting Back to the Portal
Before the 45-day deadline expires, you must log back into the DROP portal and update the status of each request. The available statuses include Completed (data deleted or opted out), Not Found (no matching consumer records in your systems), and Exempt (a documented legal exemption applies). For each status, you should have supporting documentation in your compliance log in case of a CPPA audit. Failure to report back is treated the same as failure to process the request.
Setting Up a Retrieval Schedule
While the law requires retrieval at minimum every 45 days, many compliance officers check more frequently to avoid deadline pressure. A common approach is to check the portal biweekly or even weekly, especially during the first few cycles as you build your processes. Use calendar reminders or automated alert systems to ensure you never miss a retrieval window. Each missed cycle compounds your fine exposure across all pending requests.
Get our 45-Day Compliance Calendar with automated reminders so you never miss a retrieval deadline.