CCPA vs GDPR: How Do They Compare?
Standards & Regulations


By Yaffa Klugerman, Jan 29, 2019. 3 min read

The California Consumer Privacy Act (CCPA) is expected to significantly strengthen consumer data privacy protections in the USA when it goes into effect on January 1, 2020. The law, whose passage was accelerated by the Cambridge Analytica-Facebook data misuse scandal, is a far-reaching data privacy regulation like the European Union’s General Data Protection Regulation (GDPR). In fact, some are saying that CCPA is the American version of GDPR.

Nevertheless, significant differences exist between the two data privacy regulations. How do they compare? Here are a few insights.

They’re for different populations, but both are far-reaching.

GDPR protects individuals in the European Union, regardless of citizenship, and applies to any organization that offers goods or services to them or monitors their behavior, including organizations located outside Europe. For example, Amazon and Facebook must comply since many of their customers are located in EU member states.

CCPA technically applies only to for-profit businesses that conduct business in California and meet at least one of three thresholds: annual gross revenue above $25 million, handling the personal information of 50,000 or more consumers, households or devices, or deriving half or more of their revenue from selling personal information. But bear in mind that nearly 40 million people live in California, which is more people than in Canada and about 12% of the US population. California also has the fifth largest economy in the world, with a GDP of more than $2.7 trillion.

Because of the global reach of GDPR, many businesses have concluded that it makes sense to be GDPR-compliant for all customers rather than just European ones. Similarly, many companies will likely conclude that it’s easier to comply with CCPA for all customers, rather than just for those who reside in California.

They have different terms, but both include broad privacy rights.

GDPR and CCPA are fairly consistent in the sense that they guarantee certain privacy rights.

GDPR grants individuals in the EU the rights to:

  • Be informed
  • Access
  • Rectification
  • Erasure
  • Restrict processing
  • Data portability
  • Objection
  • Protection against decisions based solely on automated processing, including profiling

Similarly, CCPA grants California residents the rights to:

  • Disclosure (to know what personal information is collected and how it is used)
  • Deletion
  • Access
  • Opt out of the sale of their personal information
  • Non-discrimination for exercising these rights

Because of the similar privacy requirements, businesses that already comply with GDPR should have a much easier time complying with CCPA, although CCPA’s specific obligations, such as honoring opt-out requests for the sale of personal information, still need to be implemented on their own terms.

They have different penalties for non-compliance, but both could cost businesses a lot.

Organizations can be sure that doing nothing to comply with either regulation will cost dearly. That being said, the differences in fines are significant.

The stakes are quite high for organizations that do not comply with GDPR. Penalties can be as high as €20 million or 4 percent of global annual turnover, whichever is greater.

With CCPA, the penalties per violation are lower, but they can add up. Organizations can be fined up to $2,500 for each violation and up to $7,500 for each intentional violation. Because CCPA sets no overall cap, and each affected consumer record can count as a separate violation, the total exposure for a large data set can be substantial. CCPA also gives consumers a private right of action for certain data breaches, with statutory damages of $100 to $750 per consumer per incident, or actual damages if greater.

Is CCPA the new GDPR for Americans? As we’ve seen, the answer is yes and no. But the two regulations have at least one more characteristic in common: Both require your business to be ready.

Interested in learning how you can make sure your third parties comply with GDPR and CCPA? Contact us today for a free demo.

Yaffa Klugerman

Yaffa Klugerman is Content Manager at Panorays. She enjoys writing about the cyber world, drinking too many cappuccinos and arguing about the use of serial commas.
