the $200-per-day problem hiding in california's new DROP portal
the California Privacy Protection Agency just opened the DROP portal — and if you're one of the 545+ registered data brokers, the clock is already running.
starting August 1, 2026, you're required to check that portal every 45 days, process every verified deletion request within 45 days, and report completion back to CalPrivacy. miss a request: $200 per request, per day in penalties. that math compounds fast.
here's what most data brokers are underestimating: it's not just the deletion itself. it's the operational loop. the portal sends you a list. you match it against your database. you delete. you log it. you report back. then you do it again in 45 days. for every future request. with a compliance timestamp trail that holds up in an audit.
teams trying to handle this manually are going to fail — not on the first cycle, but by cycle three when the request volume goes up and someone pulls the wrong list from the wrong week.
the data brokers that survive this are the ones who automate the match-delete-report cycle before August 1, not after the first $200-per-day notice arrives.
our data-removal product handles 48 brokers across 5 tiers today, with the CA Delete Act (SB 362) logic baked in — not bolted on. the DROP integration is already there.
if you're a data broker staring at this deadline: getbizsuite.com/data-removal has the details. 65 days is not a lot of runway when you're building the compliance loop from scratch.