GDPR stands for General Data Protection Regulation, and it is the core of Europe’s digital
privacy legislation. It is a regulation on data protection and privacy in the European
Union (EU) and the European Economic Area (EEA). In April 2016, the European Parliament
adopted the GDPR, replacing its outdated Data Protection Directive, enacted back in
1995. A directive allows each of the twenty-eight members of the EU to adopt and
customize the law to the needs of its citizens, whereas a regulation requires full
adoption, with no scope for customization, by all 28 countries. In this instance, the
GDPR requires all 28 countries of the EU to comply (Rossow, 2018).
GDPR is a set of rules designed to give European Union citizens more control over
their personal data. The lives of organizations and individuals alike revolve around
data, so it is necessary to protect such data. GDPR applies to any organization
that operates within the European Union as well as any organization outside the EU
that provides services to customers or businesses in the EU. This means that every major
organization needs a GDPR compliance strategy. The GDPR was adopted on
14 April 2016 and became enforceable on 25 May 2018.
California Consumer Privacy Act (CCPA)
“California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy
rights and consumer protection for the residents of California, United States”
(cookiebot.com, 2020). It was implemented on January 1, 2020. It gives consumers more
control over the personal information that businesses collect from them. Some of the rights
that consumers get from this Act are listed below:
➢ The right to know what personal information a business collects and how it is used
and shared
➢ The right to delete personal information collected from them, with some
exceptions
➢ The right to tell a business to stop the sale of their personal information, and
➢ The right to non-discrimination for exercising their CCPA rights (oag.ca.gov, 2020).
Only California residents have rights under the CCPA. Under the CCPA, personal
information is information that identifies, relates to, or could reasonably be linked with
you or your household. Personal information does not include publicly available information
from federal, state or local government records, such as professional licenses. The CCPA
applies to for-profit businesses that do business in California and have gross annual
revenue of over $25 million. The CCPA doesn’t apply to nonprofit organizations or
government agencies (oag.ca.gov, 2020).
Differences between GDPR and CCPA
The major differences between the GDPR and the CCPA lie in their application, the nature
and extent of collection limitation, and the rules concerning accountability. The first
difference is that the GDPR applies to all businesses that process data of European
Union citizens, irrespective of their location or size. The CCPA is slightly narrower: it
applies to California-based businesses with revenue above $25 million USD or those
whose primary business is the sale of personal information (Fielding, 2019).
The GDPR imposes penalties for non-compliance and data breaches, which can reach up to
4% of the company’s annual global turnover or 20 million euros, whereas CCPA fines
are applied per violation, up to a maximum of $7,500. The GDPR can apply a sanction where a
company is deemed to be at risk of a breach or not behaving responsibly. In addition,
the CCPA allows the consumer to sue the business for a violation (Fielding, 2019).