How Do I Leverage My GDPR Preparation For CCPA? Part VI
Continued from the Part III.
Continued from the Part IV.
Continued from the Part V.
The CCPA requires all businesses with customers in California to disclose personal information they store, the purpose of storing that information, and with whom that information is shared or to whom sold. The five new rights that have been awarded to Californians by CCPA:
What new rights does CCPA award to Californians?
- A right to know what personal information is being collected about them;
- A right to know whether their personal information is sold or disclosed and to whom;
- A right to say no to the sale of personal information;
- A right to access their personal information; and
- A right to equal service and price, even if they exercise their privacy rights.
Why is GDPR vs CCPA comparison handy for teams?
Data Privacy Officers, Privacy Staff, Consultants, HR, Legal, etc. find it very useful to have handy comparison between GDPR and CCPA to identify additional efforts required to implement CCPA.
What prior comparison items are carried forward?
Below is the continuation of the comparison between the GDPR and CCPA.
| Details | GDPR | CCPA |
| Law applies to Protects Protected Information Security | Refer to blog Part III - Part III | |
| Anonymous, Deidentified, Pseudonymous, or Aggregated Data Privacy Notice / Information Right Opt-Out Right for Personal Information Sales Security Children | Refer to blog Part IV: Part IV | |
| Right of Disclosure or Access Right of Data Portability Right to Deletion / Erasure (The Right to be Forgotten) Right of Rectification | Refer to blog Part V: Part V |
How do GDPR and CCPA compare on additional rights and enforcement?
| Details | GDPR | CCPA |
| Right to Restrict Processing | Individuals have the right to request the restriction or suppression of their personal data in certain circumstances. When processing is restricted, you are permitted to store personal data, but not use it. An individual can make a request for restriction verbally or in writing. | None, other than the right to opt-out of personal information sales. |
| Right to Object to Processing | The GDPR gives individuals the right to object to the processing of personal data for direct marketing or where there is a compelling reason for doing so. An individual can make an objection verbally or in writing. | None, other than the right to opt-out of personal information sales. |
| Right to Object to Automated Decision-Making | The GDPR has provisions on automated individual decision-making (deciding solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual), which has legal or other significant effects on the data subject, subject to certain exceptions. The GDPR applies to all automated individual decision-making and profiling. | None. |
| Non-Discrimination | ||
| Responding to Rights Requests | A data controller must verify the identity of a data subject before responding to a request. | A business must comply with a verifiable consumer request (as defined in Cal. Civ. Code section 1798.140(y)), potentially extendable once for another 45 or 90 days on customer notification. |
| Penalties (Private Rights of Action) | Declaratory relief. | |
| Penalties (Civil Fines) |
Source: Thomson Reuters & ICO.
Related Resources
Related Posts
How Do I Leverage My GDPR Preparation For CCPA? Part V
GDPR vs CCPA Part V compares access, portability, deletion, and rectification rights to help teams design practical consumer-request workflows.
Read More
How Do I Leverage My GDPR Preparation for CCPA? Part IV
GDPR vs CCPA Part IV covers deidentified data treatment, notice obligations, opt-out requirements, security posture, and children-related controls.
Read More
How Do I Leverage My GDPR Preparation for CCPA? Part III
GDPR vs CCPA Part III explains CCPA consumer rights, personal information categories, and key implementation differences from GDPR programs.
Read More
GRC Insights That Matter
Exclusive updates on governance, risk, compliance, privacy, and audits — straight from industry experts.