GDPR and CCPA are laws that were designed with privacy in mind. The design and implementation of CCPA/GDPR is imperative, given the many privacy violations that have rocked the business world.
CCPA stands for California Consumer Privacy Act and will go into effect on Jan 1, 2020. GDPR is the General Data Protection Regulation, which went into effect on May 25, 2018. These laws were created in response to increasing concerns about data collection, data dissemination, and data retention by various organizations. Let’s look at some similarities and differences between CCPA & GDPR.
Both laws have at their core the need to strengthen and bolster data privacy laws.
Both of these laws are in effect when businesses begin collecting personal information from citizens.
Both laws allow citizens to access and correct the data that has been collected about them, as well as to delete it.
Let’s look at the differences between the GDPR and the CCPA.
A1. Broad outlines of CCPA/GDPR:
The CCPA outlines privacy laws, but only for residents of the Golden State. It provides the following rights for Californians:
The right to access the information that is being collected about them and their families
The right to say “No!” to the sale or distribution of their personal information.
Individuals have the right to let businesses know if they violate their privacy.
GDPR also outlines privacy laws, but only for EU citizens. Businesses are expected to follow seven principles in GDPR when processing personal data of EU citizens. These principles are
Transparency, fairness, and lawfulness
Integrity and confidentiality (security).
The CCPA applies only to businesses that make $50,000,000 a year in revenues, businesses that sell 100,000 consumer records each year, and businesses that get 50% of their revenue from selling personal information based in California. It also applies to businesses that collect information about Californians, regardless of whether they reside in the state or not.
The GDPR protects the privacy rights of all citizens of the European Union. It gives guidelines not only for businesses but also for public bodies, institutions, and not-for-profit organizations that operate within the EU and process the personal details of EU citizens. It also provides specific guidelines for businesses operating outside the EU that process personal information of EU citizens.
A3. Penalties and fines:
Organizations can be fined up to 10,000,000 euros for a minimum violation of GDPR laws. If they are an undertaking, they will be fined 2% of the global turnover from the previous fiscal year.
On the other hand, CCPA noncompliance can result in fines of up to $2500/violation and $7500/violation.
Businesses are required to ask customers if they want to “opt in” to data collection when implementing GDPR.
CCPA suggests that businesses ask their citizens if it is possible to opt out of data collection.
These are just a few of the similarities and differences between CCPA and GDPR. The hope is that both will protect innocent citizens from data privacy violations.