The Main Differences Between CCPA & GDPR
Techsense Team I 7:05 am, 29th January
The general premise of two important data privacy laws, GDPR and CCPA, is the same: giving consumers more control over their personal data and protecting their right to privacy.
The General Data Protection Regulation (GDPR) is the world's first comprehensive data privacy law; it came into effect on May 25, 2018, and protects the privacy of all data subjects in the EU. The California Consumer Privacy Act (CCPA) of 2018 was implemented on January 1, 2020, and applies to residents of California only.
While the two laws overlap in many respects, they differ in certain aspects, including the scope of application, accountability, and collection limitations.
Here are the key differences between CCPA and GDPR:
Key differences between CCPA and GDPR
Who it applies to:
CCPA: Applies to:
- for-profit businesses that process the personal information of 50K or more consumers
- businesses that earn 50 percent of their revenue (monetary or otherwise) by sharing the personal data of Californian consumers.
- businesses that have annual revenue of 25 million or more.
GDPR: Applies to all entities, including data controllers, for-profit, non-profit, public entities, individuals, and NGOs that offer services or goods, or target consumers in the EU. Data controllers are defined as entities that process or collect data of EU subjects regardless of their purpose, shape, or size.
The GDPR does not set restrictions on the size, revenue, or geographic location of businesses that need to comply with the regulation.
Scope of penalties:
Non-compliance with GDPR can lead to a penalty of €20 million or 4 percent of the business's global annual turnover, whichever is higher. The fines are determined by the gravity, duration, and nature of the infringement. Monetary penalties under the CCPA are smaller, at $2,500 per violation, while international infringement can go up to $7,500.
Protection
Protections apply under CCPA to consumers in California only.
GDPR protects all 'data subjects', who can be any person in the EU, not only residents or citizens of the EU. This includes those who are in any member state for other than a transitory purpose and EU citizens who have gone out of the state for a temporary purpose.
Data security
GDPR: Requires data controllers to implement adequate measures to secure data.
CCPA: While there are no such data security requirements, consumers can take legal action should a security breach occur.
Data rectification
GDPR: Consumers can request correction of any incomplete or incorrect personal data.
CCPA: Consumers do not have any rectification rights.
Representation
GDPR: Requires businesses outside the EU that process EU residents' data to appoint an EU representative.
CCPA: No specific representation requirements.
Consent
GDPR: Prior consent from data subjects is a must for using data.
CCPA: While businesses need not obtain explicit consent for data use, they need to provide clear information to consumers on how their personal data will be used.
While both data privacy laws seek to empower consumers with comprehensive rights over their data, GDPR is a broader and bigger privacy law with more stringent penalties for non-compliance. In comparison, the CCPA is a more specific, smaller sectoral law that protects the rights of residents of California related to their data use.