How Does The CCPA Compare To The GDPR?

Uploaded on 2020-03-25 in FREE TO VIEW, BUSINESS-Services-Law

On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect - marking one of the most critical digital developments of the century. The legislation originated in the European Union (EU), and effectively protects the data rights of European Economic Area (EEA) residents. However, companies around the world that target users in the EEA are subject to comply with the hefty legislation.

While the effects of the GDPR itself have been felt these past two years, one of the most notable changes it has brought to the digital space is an influx in copycat legislation, and a call for similar protections to users’ data around the globe. 

Among the laws, regulations, and guidelines that have followed in the footsteps of the GDPR is the California Consumer Privacy Act (CCPA). As its name implies, this law comes from California, and serves to protect Golden State residents whose data is collected and shared by companies all over the world. 

How Are the CCPA and GDPR Similar? 

The CCPA is based on the GDPR, although it is notably lighter in size and scope. Both laws seek to protect the rights of individuals over their personal information by establishing data-handling best practices for businesses, and new data rights for users.

Among the shared features of the laws is the emphasis on accountability.  Both pieces of legislation threaten hefty fines for companies who fail to protect the data they collect from individuals and establish minimum expectations of data security. 

For example, both the GDPR and the CCPA emphasize the need for companies to implement Privacy by Design (PbD). PbD is the idea that privacy measures and data protection is built into the very framework of a business, website, or app. 

Given the potential consequences for failing to take data privacy seriously - millions of dollars in fines - both laws are setting new standards for data safety. 

How Are the Laws Different? 

While the CCPA is sometimes referred to as the California GDPR, these laws are far from the same. The GDPR is notably stricter, broader in scope, and ladened with far fewer loopholes than the CCPA. 

For example, the CCPA sets thresholds to determine what companies are subject to comply. These thresholds include annual revenue, revenue generated by data sale, and how many consumers’ data is collected. 

The GDPR, on the other hand, is applicable to any business that targets users in the EEA — regardless of company size, location, or revenue. In effect, a small travel blog in Idaho that sends newsletters to a few people in Switzerland is subject to comply with the GDPR. They would not, on the other hand, likely need to comply with the CCPA. 

Another key distinction between the two laws is the extent of their guidelines. The GDPR lays out extensive guidelines and boundaries for proper data handling, while the CCPA sets remarkably fewer strictures. 

Of the most significant requirements the GDPR establishes is the right for users to opt in to data collection. This guideline revolves around the notion that if businesses aren’t collecting data on a legal basis such as legitimate interests or to fulfill a contract, they should be basing that data collection on user consent. Therefore, businesses need to ask for users to opt in to the collection of their data. 

Alternatively, the CCPA has no such guidelines, and only sets a requirement for businesses to allow users to opt out of the sale of their personal information. 

What Does It All Mean for Businesses? 

Not only are thousands of businesses around the world subject to comply with one or both of these landmark privacy laws, but the GDPR and CCPA are only the beginning of a new wave of digital legislation. 

With over a hundred countries implementing or working to implement similar laws, the CCPA and GDPR are the foundation of the new standards for data privacy and protection. 

If you own or operate a website, app, or business that relies on consumer data, you need to understand these laws and the goals they seek to achieve.

To learn more about the key similarities and differences between the GDPR and CCPA, check out this infographic from Termly below:

You Might Also Read: 

GDPR's Impact In The US And Globally:

 

 

« Take Action On Cyber Security Training
AI Can Give An Early Warning Of Coronavirus »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Ammune.ai

Ammune.ai

Ammune.ai (formerly L7 Defense) helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

IT Association of Slovakia (ITAS)

IT Association of Slovakia (ITAS)

ITAS is a professional association of domestic and foreign companies operating in the field of information and communication technologies

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

ITonlinelearning

ITonlinelearning

ITonlinelearning specialises in providing professional certification courses to help aspiring and seasoned IT professionals develop their careers.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Two Six Technologies

Two Six Technologies

Two Six Technologies delivers R&D, innovation, productization and implementation expertise in cyber, data science, mobile, microelectronics and information operations.

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

IntelliBridge

IntelliBridge

IntelliBridge supports our nation’s most critical missions by solving complex technology, intelligence, and mission support challenges.