august 1, 2026: what the DROP enforcement deadline actually requires

80 days from today, california's data rights opt-out platform enforcement goes live. the deadline isn't a soft launch or a grace period extension — it's the date the california privacy protection authority starts issuing penalties.

here's what the enforcement actually requires, from the CA delete act (sb 362):

data brokers must access the DROP portal every 45 days. not annually. not quarterly. every 45 days, they pull the queue of new deletion requests that came in since the last pull. miss a cycle and you're already behind.

for each verified deletion request, the broker has 45 days to process and confirm deletion. not from when you get around to it — from when the request was submitted through DROP. the clock starts without you.

failure to process: $200 per request per day. if you have 100 unprocessed requests and miss a cycle, that's $20,000 per day. for a mid-size data broker processing hundreds of consumer records, a missed cycle is an existential fine.

the operational reality most data brokers are under-planning for

the DROP portal integration is documented. what's not documented in most compliance planning is the operational lift: you need a system that checks DROP on a 45-day cycle, identifies net-new requests since last pull, validates the consumer identity against your records, executes the deletion across every database where that consumer's data lives (not just one), and generates confirmation that deletion happened.

"deletion" under sb 362 means deletion. not suppression, not a flag in a field that says "do not use." the data has to be gone from your systems, and you have to be able to prove it.

for brokers who collect data from multiple sources and propagate it to downstream buyers, "deletion" also means tracking and notifying those downstream recipients. the operational scope is wider than most teams running current compliance tooling expect.

what bizsuite's data removal service covers

bizsuite's data removal product was built around the CA delete act structure: 48 brokers covered across 5 compliance tiers, built-in SB 362 workflow, automated DELETE request submission and confirmation tracking.

the $497 setup covers the initial enrollment and first-cycle submission. the $49/month ongoing keeps the 45-day cycle running automatically — DROP check, request pull, deletion submission, confirmation log — without a human having to remember to do it every 45 days.

for consumers who want to be off the board before august 1: https://getbizsuite.com/data-removal

for data brokers who need to confirm their DROP integration and operational workflow is compliant before enforcement starts: the same audit structure applies. the deadline is fixed. the fine structure is fixed. 80 days is enough time to get this right, but not enough time to wait another two weeks to start.