In our previous blog we talked about the CCPA “California Consumer Privacy Act” the data protection compliance which is coming into effect on Jan, 1, 2020. The act is modeled after the GDPR “General Data protection Regulation”. People who are aware of GDPR will see similarities with the CCPA compliance.
Both of these compliance CCPA and GDPR are giving customers and individuals certain rights as to how their personal information is collected and used. However, there are certain things which need to be tracked from the companies side. California has much larger economy than UK, so there are penalties which may be more severe than the GDPR, apart from this there are several notable differences between CCPA and GDPR which are noted below.
Meaning of (PI) Personal Information – CCPA describes PI as information that identifies, relates to, describe, or is capable of being associated directly or indirectly with consumer or his/her household, “Household” is broader than that data of individual whereas GDPR define PI as information relating to the consumer only.
Data rights grant – CCPA grants consumers five rights, for disclosure, deletion, access, opt-out, and rights of non-discrimination. whereas GDPR grants right to be informed, access, erasure, data portability, rectification and object.
Who must comply – CCPA defines this as “California businesses” of substantial size in regard to revenue or number of consumers affected which collect personal data of the consumers whereas GDPR describes as “data controllers” who determine the purpose and process the data and “data processors” those who process the data for controllers, which holds personal data of EU citizens.
Penalties/Fine – CCPA charges $2500 per violation in case of any breach and upwards of $7500 for intentional violations whereas GDPR fines up to 4% of the annual turnover or 20 million euro; whichever is higher.
GDPR and CCPA will have far reaching impacts across all over the state jurisdictions. Although the CCPA does not go into effect for another 8 months, but time to start preparing and protecting your company from violations is now.