What is GDPR & CCPA?

Apr 5, 2023

GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are significant regulatory frameworks designed to protect personal data, but they originate from different regions and have distinct provisions and emphases.

GDPR (General Data Protection Regulation)

GDPR is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It applies to all companies processing and holding the personal data of individuals residing in the European Union, regardless of the company’s location. Key features of GDPR include:

  • Consent: Explicit consent must be obtained from individuals before processing their personal data, and it must be easy for people to withdraw consent.

  • Right to Access: Individuals have the right to access their personal data and information about how this data is being processed.

  • Right to Be Forgotten: Also known as Data Erasure, it entitles the individual to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

  • Data Portability: Individuals have the right to receive their personal data and transfer it to another controller.

  • Breach Notification: A data breach likely to result in a risk to the rights and freedoms of individuals must be reported within 72 hours of the entity becoming aware of it.

CCPA (California Consumer Privacy Act)

The CCPA, which took effect on January 1, 2020, is a state statute intended to enhance privacy rights and consumer protection for residents of California, USA. The CCPA shares some similarities with GDPR but focuses more on consumer rights regarding the sale of personal data. Key aspects include:

  • Right to Know: Consumers can request to know the categories and specific pieces of personal data that a business has collected about them.

  • Right to Delete: Consumers can request the deletion of personal data that a business has collected from them.

  • Right to Opt-Out: Consumers can direct a business that sells personal data to third parties not to sell their personal data.

  • Non-Discrimination: The CCPA prohibits businesses from discriminating against consumers who exercise their rights under the Act.

Both GDPR and CCPA aim to empower individuals with greater control over their personal data. GDPR is more extensive in its requirements regarding data processing and affects businesses globally that deal with EU residents, while CCPA specifically targets businesses operating in California and focuses significantly on the sale of personal data.