The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the California Consumer Privacy Act of 2018 (‘CCPA’) both aim to guarantee strong protection for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the information was obtained online or offline.

GDPR - Detailed BreakdownCCPA - Detailed Breakdown

The General Data Protection Regulation (GDPR), which went into effect on May 25, 2018 is one of the most comprehensive data protection laws in the world to date. Absent a comprehensive federal privacy law in the U.S., the California Consumer Protection Act (CCPA) is considered to be one of the most significant legislative privacy developments in the country.

Like the GDPR, the CCPA’s impact is expected to be global, given California’s status as the fifth largest global economy. The CCPA will take effect on January 1, 2020, but certain provisions under the CCPA require organizations to provide consumers with information regarding the preceding 12-month period, and therefore activities to comply with the CCPA may well be necessary sooner than the effective date.

Understanding the Key Differences Between GDPR & CCPA

While the CCPA bears a resemblance to the GDPR, there are several notable differences, and companies should not assume that GDPR compliance means CCPA compliance.


GDPR - Definition of personal information

Under GDPR, the definition of personal information (or PII) is limited to only information relating to the customer (and does not include information or data that relates to his or her household).

GDPR - Disclosures

GDPR requires disclosure of, among other things, the identity and contact information of the controller entity, the purpose and legal basis of processing, legitimate interests (if applicable), recipients of the personal data, and whether the controller intends to transfer data to a third country.

GDPR - Deletion

GDPR breaks down six grounds that give the data subject the right to request deletion (i.e., data no longer necessary, consent withdrawn, objection made, unlawful processing, compliance with EU law, data collected in relation to the offer of services to a child).

GDPR - Access & Data Portability

Under the GDPR, the right of portability is not absolute. It applies only if the lawful basis for processing the information is consent or contractual necessity.


CCPA - Definition of personal information

Under the CCPA, the definition of personal information (or PII) includes information that relates to the consumer or his or her household. The CCPA personal information definition includes inferences drawn from data. Further, unlike the GDPR definition, the CCPA personal information definition includes inferences drawn from data.

CCPA - Disclosures

Under the CCPA, businesses are required to disclose and deliver the sources of information, the categories of information and the specific pieces of consumer information that are collected, sold or disclosed for a business purpose, as well as provide special notice to a particular consumer (above and beyond the privacy policy).

CCPA - Deletion

Under the CCPA, the consumer holds the right to make a deletion request for any reason and at any time. 

CCPA - Access & Data Portability

Under the CCPA, once the consumer’s request has been verified, the business must disclose and deliver free of charge the required information within 45 days of receiving the verifiable request. The information is to be delivered in a readily useable format so that the consumer may readily transfer his or her information to another business.

Ensure your company isn't penalized for not being compliant

About MDS

Our mission here at Maureen Data Systems (MDS) is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

As a woman-owned business, we embrace a culture of inclusivity, diversity, and consistent learning. The MDS team, in both the US and Latin America, is comprised of certified professionals that work with you to deliver strategic implementations, providing you with a competitive advantage. Our utmost priority is maintaining our customer technology needs, which is why 25+ years later we continue to grow.


Upcoming Events

September 23, 2020 - Webinar
Microsoft Teams Calling Solution with MDS & Ribbon

September 29, 2020 - Webinar
Social Streaming: Developing Data with Azure Synapse Analytics

September 30, 2020 - Webinar
Azure DevOps & Infrastructure as Code with MDS

October 7, 2020 - Webinar
MDS Third Annual Cybersecurity Conference

October 21, 2020 - Webinar (Spanish)
Azure DevOps & Infraestructura Como Código con MDS

Contact Us

Global Headquarters
500 W 43rd Street, Suite 33E
New York, NY 10036

Tel: 646.744.1000

Locations: NYC | FL | TX | PR

Stay on top of technology news and trends, sign up for our monthly newsletter.

Download the MDS Line Card.