CCPA vs GDPR – Data protection compliances
In our previous blog, we talked about the CCPA “California Consumer Privacy Act” the data protection compliance which is coming into effect on Jan 1, 2020. The act is modeled after the GDPR “General Data Protection Regulation”. People who are aware of GDPR will see similarities with CCPA compliance.
Both these compliance CCPA and GDPR are giving customers and individuals certain rights as to how their personal information is collected and used. However, there are certain things that need to be tracked from the company’s side. California has a much larger economy than the UK, so there are penalties that may be more severe than the GDPR, apart from this there are several notable differences between CCPA and GDPR which are noted below.
Meaning of (PI) Personal Information – CCPA describes PI as information that identifies, relates to, describes, or is capable of being associated directly or indirectly with a consumer or his/her household, “Household” is broader than that data of an individual whereas GDPR defines PI as information relating to the consumer only.
Data rights grant – CCPA grants consumers five rights, disclosure, deletion, access, opt-out, and rights of non-discrimination. whereas GDPR grants the right to be informed, access, erasure, data portability, rectification, and object.
Who must comply – CCPA defines this as “California businesses” of substantial size in regard to revenue or number of consumers affected which collect personal data of the consumers whereas GDPR describes as “data controllers” who determine the purpose and process the data and “data processors” those who process the data for controllers, which holds personal data of EU citizens.
Penalties/Fine – CCPA charges $2500 per violation in case of any breach and upwards of $7500 for intentional violations whereas GDPR fines up to 4% of the annual turnover of 20 million euros; whichever is higher.
GDPR and CCPA will have far-reaching impacts all over the state jurisdictions. Although the CCPA does not go into effect for another 8 months, the time to start preparing and protecting your company from violations is now.