august 1 is 67 days away: what the california drop portal actually requires

the california DELETE Act's DROP (Delete Request and Opt-out Platform) goes live august 1, 2026. from that date, data brokers registered with the CPPA must check DROP every 45 days and process deletion requests within 90 days.

the $200 per request per day penalty for non-compliance is real — and the CPPA just launched a dedicated Data Broker Enforcement Strike Force to find it. Background Alert got shut down through 2028. the agency is not signaling lightly.

what "process deletion requests" actually means

this isn't a one-time opt-out form. DROP creates a continuous obligation: brokers must query the portal on a 45-day cycle, identify consumer records matching deletion requests, delete them, and log that they did it. the 2028 third-party audit requirement means your deletion logs need to be verifiable, not just present.

the failure mode most teams will hit: manual processes that worked for CCPA opt-outs won't scale to DROP's automated cadence. 45 days sounds like a lot until you're tracking 50,000 deletion requests across 48 broker categories with a spreadsheet.

what automation actually looks like

BizSuite's Data Removal product was built against CA SB 362 from the start: 48 brokers across 5 tiers, DROP integration built in, $497 flat + $49/month for ongoing monitoring.

the difference between that and a manual compliance workflow is roughly 40 hours per 45-day cycle, which at any reasonable rate for compliance staff is the wrong math.

if you're a data broker, a broker's vendor, or a compliance team advising brokers, august 1 is your deadline: https://getbizsuite.com/data-removal