Posted: Nov 2019
The European Union’s (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have many similarities. For starters, they both outline and enforce new regulations regarding the personal data of individual consumers. Both require organizations to provide individuals access to their own personal data, as well as the right to have it deleted. And both are regional laws with global implications.
The GDPR and CCPA also have several key differences. With the CCPA going into effect January 2020, it’s wise to study up on the parameters of the CCPA to ensure you don’t face fines in the future, even if you think your business may not be affected.
Read on for more information on the CCPA and how it’s different from GDPR.
Legal Disclaimer: We applied our best understanding of the California Consumer Privacy Act when building this article. However, we are not legal professionals. To minimize risks, we urge you to read the actual text of the CCPA and seek the advice of your corporate lawyer.
The most notable difference between the CCPA and GDPR is that the CCPA concerns consumers in the state of California, while the GDPR concerns those in the EU.
Here are 9 more key differences between the GDPR and CCPA (via SalesHacker.com):
| GDPR | CCPA |
| --- | --- |
| Covers any entity that processes the personal data of protected consumers/residents | Applies only to businesses |
| Allows covered entities to establish equivalent mechanisms | Prescribes disclosures, communication channels, and other measures |
| More narrow definition of personal information | Broader definition of personal information |
| Outlines conditions for access and deletion requests | Different conditions for access and deletion requests |
| Looser restrictions for commercial sharing of personal data | More rigid restrictions for commercial sharing of personal data |
| Includes the right to correct errors in processed personal data | Does not expressly include the right to correct errors in processed personal data |
| Includes the right to stop automated decision making (i.e., the right to require a human to make decisions that have legal implications/effect) | Does not expressly include the right to stop automated decision making |
| Penalty limit set at 4% of global annual revenues | No limit on regulator penalties |
| No minimum or maximum for damages | Sets minimum and maximum damage amounts ($100 to $750 per consumer per incident) for private actions against violators |
If you’re worried about preparing for the CCPA, Sales Hacker has you covered with a detailed webinar on five straightforward steps to prepare your organization for the CCPA, featuring security experts from DataGrail and Outreach.