
      European Data Protection Regulation and California Consumer Privacy Act

      This includes the process by which it is obtained, stored, used and, not to be forgotten, destroyed. For private households this new law came with various advantages; for the companies themselves, it meant a lot of work and restructuring. The more data an organization has collected over the years, the more data it has to dig through now to make sure it complies with the new data protection law. On January 1, 2020, the California Consumer Privacy Act (CCPA), a similar law, is going to be introduced in California. This law also exists to protect the consumer and his or her privacy. Therefore, activities to comply with the CCPA will have to start at least 12 months before the implementation of this new law. This is the only way organizations can guarantee they are prepared and operating within the law once January 1, 2020 hits. As data privacy experts, Natuvion has broken down the core differences and similarities between the GDPR and the CCPA in definitions, rights and enforcement.


      Key Definitions

      Personal Data/Personal Information

      Both the GDPR and the CCPA define “personal data” and “personal information” quite broadly. The GDPR generally covers only identified or identifiable individuals, while the CCPA also includes households. The GDPR also has a topic for “special categories of data”, which means sensitive data like race, sexual preferences, etc., and prohibits processing that data.


      The GDPR and the CCPA are very similar on this point. The personal data of the “Data Subject” can no longer identify the person without the use of additional information that is kept separately. The GDPR allows the data subject itself to provide the additional information, which the CCPA completely denies.


      Under the GDPR, children under 16 must have their guardians’ consent while the CCPA has an opt-in requirement for selling personal data. Children under 13 must also have their guardian opt-in for them.


      Research is defined in a very broad manner for the GDPR and the CCPA which allows both of them to act more freely for the public interest. Pseudonymization is important here. Under the GDPR, data collected for such research cannot be used otherwise. Under the CCPA the data collected for a certain research project can be used by the same business that collected the data in the first place.


      Personal Scope

      Compared to the GDPR where businesses, public bodies and institutions as well as not-for-profit organizations are affected, under the CCPA, only for-profit entities are included. Also, for the CCPA it is important to know that you must be a California resident in order to be protected.

      Territorial Scope

      The GDPR applies to all organizations within the EU and also to organizations outside the EU if they offer goods and/or services to “data subjects” that are located in the EU. The CCPA, on the other hand, has not clearly defined its criteria. The law says that it applies to organizations doing business in California with California residents.

      Consumer Rights

      The consumer has the right under both laws to request the deletion of his or her personal data. Furthermore, he or she has the right to know when data is being collected and what it is collected for (a specific reason, and it can only be used for that reason). The consumer also has the right under both laws to request a full report on what personal information an organization holds about them. This data is required to be received in a commonly used and easily usable format. The GDPR and the CCPA allow consumers to ask the entities to stop processing and selling their information. The CCPA only allows consumers to opt out of the selling, not the collection, of personal data. Under the GDPR it is different, as any type of processing of the personal data can be requested to end. The CCPA establishes the right to non-discrimination for the exercise of rights. This means that a business cannot deny consumers any goods or services, charge them different prices or provide a different level of quality if these consumers requested access to or deletion of their personal information or opted out from selling their personal data to the firm. The GDPR, on the other hand, does not have a clear point about this in its law.



      The authorities that supervise the application of the law are two different ones, with different powers as well. For the GDPR it is the national data protection authorities, which are also part of the European Data Protection Board. The CCPA is supervised by the California Attorney General. Both laws provide for monetary penalties. For the GDPR the fines are issued by a data protection authority; the fines under the CCPA, however, are issued by a court. These laws are there to protect the consumers' privacy and allow individual as well as class or collective actions to be brought against any organization that breaks these laws.


      With the introduction of the CCPA the hope is to strengthen the data protection rights of the residents of California. In the event of an intentional breach of the CCPA's privacy obligations, the company must pay a fine of up to $7,500. If the company meets the consumer's demands within 30 days, a penalty can be avoided. The European GDPR and the California CCPA have many things in common. Especially the rights of those affected are very similar in the two laws. These provide the largest problem area in the implementation of the laws. Many of the experiences gained through the introduction of the GDPR can thus be partially adapted and reused. The already developed technical solutions can also be used for the CCPA.


      It remains to be seen whether other states will follow the Californian approach or if the US government will develop a uniform data protection system. Do not miss our next article in which we introduce you to the relevant fields of action of the CCPA and their effects and technical realization options in IT system landscapes. Do you have questions or need help with your own privacy project? Then Natuvion is the ideal contact - we are happy to assist and accompany you on your way.
