Is CCPA Another GDPR?


Your readiness roadmap to keep up with CCPA and GDPR.



The European Union's GDPR has been stirring up quite the conversation ever since it went into effect in May 2018. Arguably the pioneer of data privacy regulation in the world, GDPR focuses on protecting consumer data from misuse.

So, more than a year later, it seems like GDPR is working out the way it was expected and changing the business landscape across the EU.

As it happens, the idea of data protection through a set of legally binding laws has inspired many other countries to follow suit.

In about three months' time, on January 1st, 2020, California is set to roll out its own compliance law for its citizens: the CCPA (California Consumer Privacy Act).

Although both laws share the same objective, i.e., to protect digital data and identities in an increasingly twisted online environment, their approaches are different.


CCPA vs GDPR: The Core Differences

Let’s take a closer look at how CCPA implementation compares to GDPR.

Ensuring Compliance

GDPR affects every company that collects and processes user data from the European Union. They may be marketers, technology firms, or data brokers.

GDPR is extremely serious and also applies to non-EU established organizations that offer goods and services to citizens in the EU.

When it comes to CCPA, it will include businesses that collect or sell personal information from Californians. However, when compared to GDPR, the rules seem a little lenient:

  • Only companies with annual revenue of $25M+ will be affected.
  • Businesses that collect data from more than 50,000 users will comply.
  • Businesses that generate 50% of revenue by selling the user data will comply.

By the looks of it, CCPA will be targeting large corporations and businesses that deal with large amounts of user data.

Data Breach Penalties and Fines

The penalties for breaking GDPR are far more stringent than those under CCPA. Under GDPR, a violation can even be applied when someone is thought to be acting in a suspicious manner. Such violations will result in a penalty of 4% of global annual turnover or €20 million, whichever is higher.

On the other hand, a CCPA violation will only be considered when a data breach has been confirmed. Penalties can reach a $7,500 fine per violation. CCPA also gives citizens of California the right to sue a business if proper compliance is not followed.

The Right to Delete Data

Both GDPR and CCPA give users the right to delete their data permanently, but each follows a different set of regulations.

For starters, GDPR allows users to have all their data removed, including data from third-party resources. On the other hand, CCPA will only remove data that has been directly collected from the user.

The list, however, does not end here. Check out the infographic by LoginRadius to get a better overview.


Opinions expressed by DZone contributors are their own.
