How Do I Leverage My GDPR Preparation for CCPA? Part V

Continued from part III & IV

The CCPA requires all businesses with customers in California to disclose personal information they store, the purpose of storing that information, and with whom that information is shared or to whom sold. The five new rights that have been awarded to Californians by CCPA:

A right to know what personal information is being collected about them;
A right to know whether their personal information is sold or disclosed and to whom;
A right to say no to the sale of personal information;
A right to access their personal information; and
A right to equal service and price, even if they exercise their privacy rights.

Data Privacy Officers, Privacy Staff, Consultants, HR, Legal, etc. find it very useful to have a handy comparison between GDPR and CCPA to identify additional efforts required to implement CCPA.

The last blog detailed the CCPA – Personal Information Categories and included the Comparison Between the GDPR and CCPA for a Few Selective Categories such as Law Applies To, Protects, Protected Information, and Security. Below is the continuation:

Details	GDPR	CCPA
Law applies to	Refer to blog Part III – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6561593578160738304-VCkz/
Protects
Protected Information
Security

Anonymous, Deidentified, Pseudonymous, or Aggregated Data	Refer to last blog Part IV: https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6564159152740974592-EKL9/
Privacy Notice / Information Right
Opt-Out Right for Personal Information Sales
Security
Children

Details	GDPR	CCPA
Right of Disclosure or Access	Individuals have the right to access their personal data, which includes receiving a copy or to obtain certain information about the data controller’s processing this is commonly referred to as subject access. Individuals can make a subject access request verbally or in writing. Corporations cannot charge a fee to deal with a request in most circumstances.	Consumers have a right to request disclosure or access to their personal information. To receive additional details regarding the personal information a business collects and its use purposes, including any third parties with which it shares information.
Right of Data Portability	The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Receive a copy of the personal data in a commonly used and machine-readable format.It allows them to move, copy or transfer personal data easily from one IT environment to another.Transmit the personal data to another data controllerThe right only applies to information an individual has provided to a controller.	In response to a request for disclosure, a business must provide personal information in a readily useable format Consumer can transmit the information from one entity to another entity without hindrance.
Right to Deletion / Erasure (The Right to be Forgotten)	The GDPR introduces a right for individuals to request erasure of personal data under six circumstances (the right to be forgotten).Individuals can make a request for erasure verbally or in writing.The right is not absolute and only applies in certain circumstances.Data controllers must also take reasonable steps to inform any other data controllers also processing the data.	A consumer has the right to deletion of personal information a business has collected, subject to certain exceptions. The business must also instruct its service providers to delete the data.
Right of Rectification	The GDPR includes a right for individuals to:Correct inaccurate personal data.Complete incomplete personal data.An individual can make a request for rectification verbally or in writing.In certain circumstances you can refuse a request for rectification.This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).	None