How do you handle CA CCPA + CPRA "Do Not Sell" on my Magento store?

California has the strictest US state privacy law — stricter than New York's SHIELD Act, Virginia CDPA, Colorado CPA. The California Consumer Privacy Act (CCPA, 2020) plus its 2023 amendment the California Privacy Rights Act (CPRA) require: (1) a clear “Do Not Sell or Share My Personal Information” link in the footer of every California-served page; (2) Right to Know, Delete, Correct, Limit data flows (DSAR within 45 days); (3) sensitive personal info opt-out (precise geolocation, racial/ethnic origin, religious beliefs); (4) Global Privacy Control (GPC) signal honoring — the browser sends “Do Not Sell” automatically. We deploy: OneTrust, Cookiebot, or Klaro CMP configured for California, per-storefront-view consent (separate CA vs other-US vs EU vs ROW), DSAR automation wired into Magento's customer table + Klaviyo / Mailchimp suppression lists, and GPC signal detection in the JS layer. Penalties run $7,500 per intentional violation — CA AG enforces aggressively. We’ve shipped CCPA-compliant Magento stores for Silver Lake skincare DTC and Beverly Hills luxury brands.