
Legitimate Interest. Under GDPR, legitimate interest is a lawful basis for processing that many companies are looking to rely on so that they do not have to obtain and document consent. CCPA (the California law) has no legitimate-interest basis, so businesses have no such option there. Summary – If it is a competition for most robust, one point goes to CCPA for being more protective.
Personal Data / PII. In terms of definition, CCPA's list of categories of personal information is broadly similar to GDPR's definition of personal data: both reach well beyond classic PII to identifiers such as account names, device and online identifiers, IP addresses and location data. Summary – Tie
Fees (Part 1). GDPR lets regulators fine for non-compliance generally, whether or not a breach has occurred. Under CCPA, the private right of action (statutory damages payable to consumers) applies only to data breaches that result from a failure to maintain reasonable security; every other violation is enforced by the Attorney General as a civil penalty, and the original text gave businesses 30 days to cure before an action could be brought. Summary – One point to GDPR
Fees (Part 2). This one is really about who is covered. GDPR applies to essentially any controller or processor handling the personal data of people in the EU; there is no size threshold. CCPA applies only to for-profit businesses doing business in California that meet at least one of three thresholds: annual gross revenue above $25 million, OR buying, selling, receiving or sharing the personal information of 50,000 or more consumers, households or devices per year, OR deriving 50 percent or more of annual revenue from selling consumers' personal information. Summary – One point to GDPR
Fees (Part 3). GDPR fines scale with the company: up to 4 percent of global annual turnover or €20 million, whichever is higher. CCPA penalties are per violation: up to $2,500 for each violation and $7,500 for each intentional violation, plus statutory damages of $100 to $750 per consumer per incident in breach lawsuits. So for a breach on the scale of Equifax (roughly 147 million U.S. consumers), the per-violation arithmetic runs into billions of dollars very quickly. Summary – One point to CCPA
Consent. This is a huge deal for GDPR. CCPA is an opt-out regime: a business may collect and sell personal information by default and must honor a consumer's request to opt out of sales (opt-in consent is required only to sell the personal information of consumers under 16). GDPR, where consent is the legal basis, requires the business to demonstrate that the individual opted in freely, specifically and on the basis of clear information. Summary – One point to GDPR
People have the right to know what data is held about them and how it is used (GDPR data subject access requests; CCPA requests to know)
Breach notifications are important
Managing third parties is important
Data privacy legislation is here to stay