GDPR vs. CCPA

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the California Consumer Privacy Act of 2018 (‘CCPA’) both aim to guarantee strong protection for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the information was obtained online or offline.

GDPR - Detailed BreakdownCCPA - Detailed Breakdown

The General Data Protection Regulation (GDPR), which went into effect on May 25, 2018 is one of the most comprehensive data protection laws in the world to date. Absent a comprehensive federal privacy law in the U.S., the California Consumer Protection Act (CCPA) is considered to be one of the most significant legislative privacy developments in the country.

Like the GDPR, the CCPA’s impact is expected to be global, given California’s status as the fifth largest global economy. The CCPA will take effect on January 1, 2020, but certain provisions under the CCPA require organizations to provide consumers with information regarding the preceding 12-month period, and therefore activities to comply with the CCPA may well be necessary sooner than the effective date.

Understanding the Key Differences Between GDPR & CCPA

While the CCPA bears a resemblance to the GDPR, there are several notable differences, and companies should not assume that GDPR compliance means CCPA compliance.

GDPR

GDPR - Definition of personal information

Under GDPR, the definition of personal information (or PII) is limited to only information relating to the customer (and does not include information or data that relates to his or her household).

GDPR - Disclosures

GDPR requires disclosure of, among other things, the identity and contact information of the controller entity, the purpose and legal basis of processing, legitimate interests (if applicable), recipients of the personal data, and whether the controller intends to transfer data to a third country.

GDPR - Deletion

GDPR breaks down six grounds that give the data subject the right to request deletion (i.e., data no longer necessary, consent withdrawn, objection made, unlawful processing, compliance with EU law, data collected in relation to the offer of services to a child).

GDPR - Access & Data Portability

Under the GDPR, the right of portability is not absolute. It applies only if the lawful basis for processing the information is consent or contractual necessity.

CCPA

CCPA - Definition of personal information

Under the CCPA, the definition of personal information (or PII) includes information that relates to the consumer or his or her household. The CCPA personal information definition includes inferences drawn from data. Further, unlike the GDPR definition, the CCPA personal information definition includes inferences drawn from data.

CCPA - Disclosures

Under the CCPA, businesses are required to disclose and deliver the sources of information, the categories of information and the specific pieces of consumer information that are collected, sold or disclosed for a business purpose, as well as provide special notice to a particular consumer (above and beyond the privacy policy).

CCPA - Deletion

Under the CCPA, the consumer holds the right to make a deletion request for any reason and at any time. 

CCPA - Access & Data Portability

Under the CCPA, once the consumer’s request has been verified, the business must disclose and deliver free of charge the required information within 45 days of receiving the verifiable request. The information is to be delivered in a readily useable format so that the consumer may readily transfer his or her information to another business.

Ensure your company isn't penalized for not being compliant

About MDS

Maureen Data Systems is a IT services and solutions company committed to developing custom, streamlined solutions for customers to achieve their business objectives.

MDS structures its highly skilled engineers to align with how our customers consume technology—with one team responsible for infrastructure, another heading up productivity and applications, and a third committed to identity and security solutions.

Contact Us

NYC Headquarters
307 W. 38th Street, Suite 1801
New York, NY 10018

Tel
646-744-1000
Email: 
contactus@mdsny.com

NYC | FL | TX | PR

Download your MDS Line Card here.