Language Switcher

    Data Identification & Clustering

    Migration

    Transformation

    Quality & Integrity

    Platform Integration

    Data Privacy & Security

    Simulation & Automation

    Retention & Retirement

    Governance & Support

    Process Excellence

      Home > Newsroom > European Data Protection Regulation And California Consumer Privacy Act

      European Data Protection Regulation and California Consumer Privacy Act

      Webinar20_1200x627

      This includes the process in which it is obtained, stored, used and, not be forgotten, destructed. For private households this new law came with various advantages, for the companies themselves, it meant a lot of work and restructuring. The more data an organization collected over the years, the more data they have to dig themselves out of now to make sure they comply to new data protection law. On January 1, 2020, the California Consumer Privacy Act (CCPA), a similar law, is going to be introduced in California. This law also exists to protect the consumer and his or her privacy. Therefore, activities to comply with the CCPA will have to start at least 12 months before the implementation of this new law. This is the only way organizations can guarantee they are prepared and operating within the law once January 1, 2020 hits. As data privacy experts, Natuvion has broken down the core differences and similarities the GDPR and CCPA have in definitions, rights and enforcement.

       

      Key Definitions

      Personal Data/Personal Information

      Both, the GDPR and the CCPA define their “personal data” and “personal information” quite broadly. The GDPR generally only means identified or identifiable individuals while the CCPA also includes households. The GDPR also has a topic for “special categories of data” which means sensitive data like race, sexual preferences, etc. and prohibits processing that data.

      Pseudonymization

      The GDPR and the CCPA are very similar in this point. The personal data of the “Data Subject” can no longer identify the person without the use of additional information that is kept separately. The GDPR allows the data subject itself to provide the additional information which the CCPA completely denies.

      Children

      Under the GDPR, children under 16 must have their guardians’ consent while the CCPA has an opt-in requirement for selling personal data. Children under 13 must also have their guardian opt-in for them.

      Research

      Research is defined in a very broad manner for the GDPR and the CCPA which allows both of them to act more freely for the public interest. Pseudonymization is important here. Under the GDPR, data collected for such research cannot be used otherwise. Under the CCPA the data collected for a certain research project can be used by the same business that collected the data in the first place.

      Scope

      Personal Scope

      Compared to the GDPR where businesses, public bodies and institutions as well as not-for-profit organizations are affected, under the CCPA, only for-profit entities are included. Also, for the CCPA it is important to know that you must be a California resident in order to be protected.

      Territorial Scope

      The GDPR applies to all organizations within the EU and also organizations outside the EU if they offer goods and/or services to “data subjects” that are located in the EU. The CCPA on the other hand hasn’t clearly defined their criterium. The law says that it applies to organizations doing business in California with California residents.

      Consumer Rights

      The consumer has the right under both laws to request the deletion of his or her personal data. Furthermore, he or she has the right to know when data is being collected and what it is collected for (specific reason and it can only be used for that reason). The consumer also has the right under both laws to request to get a full report on what personal information an organization holds about them. This data is required to be received in a commonly used and easily usable format. The GDPR and the CCPA allow the consumers to ask the entities to stop processing and selling their information. The CCPA only allows to opt-out of the selling and not the collection of personal data. Under the GDPR it is different as any type of processing of the personal data can be requested to end. The CCPA establishes the right to non-discrimination for the exercise of rights. this menas that a business cannot deny consumers any goods or services, charge them different prices or provide a different level of quality if these consumers requested access or deletion of their personal informationor opted out from selling their personal data to the firm. The GDPR on the other hand does not have a clear point about this in its law.

      blog_consumerrights

      Enforcement

      The authorities to supervise the application of the law are two different ones with different power as well. For the GDPR it is the national data protection authorities which are also part of the European Data Protection Board. The CCPA is supervised by the California Attorney General. Both laws have monetary penalties in order. For the GDPR the fines are issued by a data protection authority, the fines under the CCPA, however, are issued by a court. These laws are there to protect the consumers privacy and allow individuals and also class or collective actions to be brought against any organization that breaks these laws.

      Conclusion

      With the introduction of the CCPA the hope is to strengthen the data protection rights of the residents of California. In the event of intentional breach of the CCPA's privacy obligations, the company must pay a fine of up to $ 7,500. If the company meets the consumer's demands within 30 days, a penalty can be avoided. The European GDPR and the California CCPA have many things in common. Especially the rights of those affected are very similar in the two laws. These provide the largest problem area in the implementation of the laws. Many of the experiences gained through the introduction of the GDPR can thus be partially adapted and reused. The already developed technical solutions can also be used for the CCPA.

      Outlook

      It remains to be seen whether other states will follow the Californian approach or if the US government will develop a uniform data protection system. Do not miss our next article in which we introduce you to the relevant fields of action of the CCPA and their effects and technical realization options in IT system landscapes. Do you have questions or need help with your own privacy project? Then Natuvion is the ideal contact - we are happy to assist and accompany you on your way.

      Related News

      5 reasons to implement SAP MDG during your SAP S/4HANA transformation

      Jun 9, 2022

      5 reasons to implement SAP...

      With SAP Master Data Governance (MDG), SAP offers a...

      Read More
      SuccessStory_Your Path to GDPR System Compliance!

      Jun 7, 2022

      Your Path to GDPR System...

      Vattenfall partners with Natuvion for its SAP...

      Read More
      SuccessStory_Key to Success: Project Management at its Best

      May 18, 2022

      Key to Success: Project...

      EnBW ODR relies on Natuvion when managing its SAP S/4HANA...

      Read More
      Where to put old data? Legally compliant system decommissioning!

      May 11, 2022

      Where to put old data?...

      Since it became possible to manage business data digitally,...

      Read More
      Energy Turnaround in the Digital Era with SAP Utilities Core

      Apr 22, 2022

      Energy Turnaround in the...

      With the utilities industry actively pursuing plans for the...

      Read More
      Immediate Impact for Increased Security

      Feb 7, 2022

      Immediate Impact for...

      Detailed security analysis of the new ProCom Cloud service...

      Read More
      Destination Cloud

      Jan 25, 2022

      Destination Cloud

      E.ON Energie Deutschland successfully migrates data from...

      Read More
      Short & Sweet: SAP System Carve-Out

      Dec 21, 2021

      Short & Sweet: Smarter SAP...

      Successful demerger: Learn more about the carve-out success...

      Read More

      Never miss information again. Subscribe to our newsletter!