Research on General Data Protection Regulation (GDPR) and

California Consumer Privacy Act (CCPA)

Introduction
General Data Protection Regulation (GPDA)

GDPR stands for General Data Protection Regulation and It is the core of Europe’s digital
privacy legislation. It is a regulation in European Union (EU) about data protection and
privacy and the European Economic Area (EEA). In April 2016, the European Parliament
adopted the GDPR, replacing its outdated Data Protection Directive, enacted back in
1995. Unlike a regulation, a directive allows for each of the twenty-eight members of the
EU to adopt and customize the law to the needs of its citizens, whereas a regulation
requires its full adoption with no scope by all 28 countries second. In this instance, the
GDPR requires all 28 countries of the EU to comply (Rossow, 2018).

GDPR is a set of rules which is designed to give European Union citizens to have more
control over their personal data. Every organizations and individuals live revolves around
data. Hence, it is necessary to protect such data. GDPR is applied to any organization
that operates within the European Union as well as any organizations outside the Eu
which gives services to customer or business in the EU. So, it means that every major
organization must need a GDPR compliance strategy. The GDPR was adopted on
14 April 2016, and became enforceable beginning 25 May 2018.
California Consumer Privacy Act (CCPA)
“California Consumer Privacy act (CCPA) is a state statue intended to enhance privacy
rights and consumer protection for the residents of California, United States”
(cookiebot.com, 2020). It was implemented in January 1, 2020. It gives consumers more
control over the personal information that business collects from them. Some of the rights
that consumer gets from this Act are discussed below:

➢ Right to know the personal information that business collects and how they are used
and shared
➢ Right to delete personal information collected form them. Some of them can be
exceptions
➢ The right to say business to stop of the sale of their personal and
➢ The right to non-discrimination for exercising their CCPA rights (oag.ca.gov, 2020).

Only California residents have the rights under the CCPA. The personal information
related in CCPA is that identifies, related to, or could reasonably be linked with you or
your household. Personal information does not include publicly available information that
is from federal, state or local government records, professional licenses. CCPA applies
for profit business that do business in California which have gross annual revenue of over
$25 million. CCPA doesn’t apply to nonprofit organizations or government agencies
(oag.ca.gov, 2020).
Differences between GPDA and CCPA
The major difference between GDPA and CCPA is according to its application, nature
and extent of collection limitation, and rules concerning accountability. The first difference
between GDPA and CCPA applies to all the business that process data of European
Union citizens, irrespective of their location or size. The CCPA is slightly narrower which
applies to California based business with a revenue above $25 million USD or those
whose primary business is the sale of personal information (Fielding, 2019).

GDPR commands penalties for non-compliance and data breach which can reach up to
4% of the company’s annual global turnover or 20 million euros. Whereas CCPA fines
are applied per violation maximum up to $7,500. GDPR can apply a sanction where a
company is deemed to be at risk of a breach or not behaving responsibly. In addition,
CCPA allows for the consumer to sue the business for violation (Fielding, 2019).

Similarities between GDPR and CCPA

There are some of the similarities between GDPR and CCPA. Both GDPR and CCPA
only protects natural persons and does not cover legal persons. The GDPR and CCPA
require businesses to inform their subjects how their data are being gathered, shared,
and used. The GDPR and CCPA require companies to invest in cybersecurity to protect
the data of the consumers who have consented or willingly participated in the use of their
data. Both the regulation can sue business for penalties. Both the laws suggests
companies to invest in cybersecurity to protect the data of the consumers who have
consented in the use of their data (websitepolicies.com, 2020).
References
cookiebot.com, 2020. What is CCPA. [Online]
Available at: https://www.cookiebot.com/en/what-is-ccpa/
[Accessed 29 September 2020].
Fielding, J., 2019. Four differences between the GDPR and CCPA. [Online]
Available at: https://www.helpnetsecurity.com/2019/02/04/gdpr-ccpa-differences/
[Accessed 29 September 2020].
oag.ca.gov, 2020. California Consumer Privacy Act (CCPA). [Online]
Available at: https://oag.ca.gov/privacy/ccpa
[Accessed 29 September 2020].
Rossow, A., 2018. The Birth of GDPR. [Online]
Available at: https://www.forbes.com/sites/andrewrossow/2018/05/25/the-birth-of-gdpr-
what-is-it-and-what-you-need-to-know/#10c77c5e55e5
[Accessed 29 September 2020].
websitepolicies.com, 2020. Important Similarities and Differences Between CCPA &
GDPR. [Online]
Available at: https://www.websitepolicies.com/blog/ccpa-vs-gdpr
[Accessed 29 September 2020].