The California Consumer Privacy Act is bringing sweeping change. This anticipated shift to the U.S. privacy landscape is just the beginning, with other states following California’s lead, including Nevada, which enacted new privacy legislation just last week. While many affected companies approached the E.U.’s General Data Protection Regulation as a compliance project, they have now learned this growing trend requires a broader program shift. In this first installment of a two-part article series, we explore recommended privacy program goals in light of the CCPA, how to make the case for a holistic approach to implementation and why detailed compliance work should be ongoing. Part two will focus on how companies should prepare for two areas of the CCPA requirements – vendor management and data subject rights requests – which experts agree need to happen no matter what amendments to the law may pass. See also our two-part series on preparing for the CCPA: “Securing Buy-In and Setting the Scope” (Feb. 27, 2019); and “Best Practices and Understanding Enforcement” (Mar. 6, 2019).