Continued from the part III – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6561593578160738304-VCkz/
Continued from the part IV – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6564159152740974592-E
Continued from the Part V – https://www.linkedin.com/posts/charupel_monday-morning-cybersecurity-activity-6566860154967474176-68PZ/
The CCPA requires all businesses with customers in California to disclose personal information they store, the purpose of storing that information, and with whom that information is shared or to whom sold. The five new rights that have been awarded to Californians by CCPA:
- A right to know what personal information is being collected about them;
- A right to know whether their personal information is sold or disclosed and to whom;
- A right to say no to the sale of personal information;
- A right to access their personal information; and
- A right to equal service and price, even if they exercise their privacy rights.
Data Privacy Officers, Privacy Staff, Consultants, HR, Legal, etc. find it very useful to have handy comparison between GDPR and CCPA to identify additional efforts required to implement CCPA.
Below is the continuation of the Comparison Between the GDPR and CCPA.
Details | GDPR | CCPA |
Law applies to | Refer to blog Part III – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6561593578160738304-VCkz/ | |
Protects | ||
Protected Information | ||
Security | ||
Anonymous, Deidentified, Pseudonymous, or Aggregated Data | Refer to blog Part IV: https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6564159152740974592-EKL9/ | |
Privacy Notice / Information Right | ||
Opt-Out Right for Personal Information Sales | ||
Security | ||
Children | ||
Right of Disclosure or Access | Refer to blog Part V: https://www.linkedin.com/posts/charupel_monday-morning-cybersecurity-activity-6566860154967474176-68PZ/ | |
Right of Data Portability | ||
Right to Deletion / Erasure (The Right to be Forgotten) | ||
Right of rectification |
Details | GDPR | CCPA |
Right to Restrict Processing | Individuals have the right to request the restriction or suppression of their personal data in certain circumstances. When processing is restricted, you are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing. | None, other than the right to opt-out of personal information sales. |
Right to Object to Processing | The GDPR gives individuals the right to object to the processing of their personal data for direct marketing or there is a compelling reason for doing so.An individual can make an objection verbally or in writing. | None, other than the right to opt-out of personal information sales. |
Right to Object to Automated Decision-Making | The GDPR has provisions on automated individual decision-making (deciding solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). which has legal or other significant effects on the data subject, subject to certain exceptions.The GDPR applies to all automated individual decision-making and profiling. | None |
Non-Discrimination | ||
Responding to Rights Requests | A data controller must: Verify the identity of a data subject before responding to a request. | A business must: Comply with a verifiable consumer request (as defined in Cal. Civ. Code § 1798.140(y)). potentially extendable once for another 45 or 90 days on customer notification. |
Penalties (Private Rights of Action) | declaratory relief. | |
Penalties (Civil Fines) |
Source: Thomson Reuters & ICO
RELATED POST :
How Do I Leverage My GDPR Preparation for CCPA? Part III