A lot has been said and done in the past year to change the way personal data is collected, stored and protected by online businesses. The biggest player in the game is the EU’s General Data Protection Regulation (GDPR), and the US-based California Consumer Privacy Act (CCPA) is about to follow suit in January 2020.
While the GDPR has been successful in setting new privacy standards, the CCPA drew inspiration from the EU regulation and is all set to roll out new rules to protect the personal data of its citizens in the US.
Does GDPR compliance law cover CCPA?
No. The two regulations are not interchangeable. Even though the CCPA is commonly referred to as California’s Mini-GDPR, there are distinct differences between the two.
The CCPA covers many interactions in the digital space and requires companies to meet its compliance obligations. Organizations that have already adapted to GDPR compliance will find the CCPA easier, but it will still need some added effort.
So, if you own an online business, there is a high likelihood that you’d need to comply with at least one of these laws — if not both.
Although CCPA is inspired by GDPR, there are four major differences that separate them.
1. The thing about compliance
While the GDPR applies to all businesses that offer services to the citizens of the EU, irrespective of size and location, the CCPA has a slightly narrower reach.
The CCPA applies only to businesses that are based in California and earn revenue of $25 million USD and above. Furthermore, as a nod to the infamous Facebook scandal, it also applies to businesses that generate revenue by selling personal information.
2. Difference in penalties
Non-compliance or a data breach under the GDPR will result in penalties that may reach up to €20 million Euro or 4% of the company’s global turnover (whichever is greater). Also, all applicable administrative taxes will be implemented proportionately.
In the case of the CCPA, fines are decided based on the severity of the violation and can reach up to $7,500 USD per violation.
Also, GDPR can be imposed on any company that is not behaving responsibly or that is deemed to be at risk of a data breach. CCPA, on the other hand, is applicable only when there is proof of violation.
3. The right to decide
Both regulations offer customers the right to have their data accessed or deleted. The GDPR imposes restrictions on data related to the European Union, whereas in the case of the CCPA, both the consumer and data reasonably linked with a household are considered identifiable entities. But then, there are also instances where only data provided by the consumer is considered.
4. Enactment and enforcement dates
The GDPR was adopted in April 2016 and came into effect in May 2018, whereas the CCPA is all set to go live in January 2020.
To learn more about the CCPA and the GDPR, check out the infographic below by LoginRadius.
Author Bio: Rakesh Soni is CEO of LoginRadius, a leading provider of cloud-based digital identity solutions. The LoginRadius Identity Platform serves over 3,000 businesses and secures one billion digital identities worldwide. LoginRadius has been named as an industry leader in the customer identity and access management space by Gartner, Forrester, KuppingerCole, and Computer Weekly. Connect with Soni on LinkedIn or Twitter.