Language Switcher

    Data Identification & Clustering

    Migration

    Transformation

    Quality & Integrity

    Platform Integration

    Data Privacy & Security

    Simulation & Automation

    Retention & Retirement

    Governance & Support

    Process Excellence

      Home > Newsroom > European Data Protection Regulation And California Consumer Privacy Act

      European Data Protection Regulation and California Consumer Privacy Act

      Webinar20_1200x627

      This includes the process in which it is obtained, stored, used and, not be forgotten, destructed. For private households this new law came with various advantages, for the companies themselves, it meant a lot of work and restructuring. The more data an organization collected over the years, the more data they have to dig themselves out of now to make sure they comply to new data protection law. On January 1, 2020, the California Consumer Privacy Act (CCPA), a similar law, is going to be introduced in California. This law also exists to protect the consumer and his or her privacy. Therefore, activities to comply with the CCPA will have to start at least 12 months before the implementation of this new law. This is the only way organizations can guarantee they are prepared and operating within the law once January 1, 2020 hits. As data privacy experts, Natuvion has broken down the core differences and similarities the GDPR and CCPA have in definitions, rights and enforcement.

       

      Key Definitions

      Personal Data/Personal Information

      Both, the GDPR and the CCPA define their “personal data” and “personal information” quite broadly. The GDPR generally only means identified or identifiable individuals while the CCPA also includes households. The GDPR also has a topic for “special categories of data” which means sensitive data like race, sexual preferences, etc. and prohibits processing that data.

      Pseudonymization

      The GDPR and the CCPA are very similar in this point. The personal data of the “Data Subject” can no longer identify the person without the use of additional information that is kept separately. The GDPR allows the data subject itself to provide the additional information which the CCPA completely denies.

      Children

      Under the GDPR, children under 16 must have their guardians’ consent while the CCPA has an opt-in requirement for selling personal data. Children under 13 must also have their guardian opt-in for them.

      Research

      Research is defined in a very broad manner for the GDPR and the CCPA which allows both of them to act more freely for the public interest. Pseudonymization is important here. Under the GDPR, data collected for such research cannot be used otherwise. Under the CCPA the data collected for a certain research project can be used by the same business that collected the data in the first place.

      Scope

      Personal Scope

      Compared to the GDPR where businesses, public bodies and institutions as well as not-for-profit organizations are affected, under the CCPA, only for-profit entities are included. Also, for the CCPA it is important to know that you must be a California resident in order to be protected.

      Territorial Scope

      The GDPR applies to all organizations within the EU and also organizations outside the EU if they offer goods and/or services to “data subjects” that are located in the EU. The CCPA on the other hand hasn’t clearly defined their criterium. The law says that it applies to organizations doing business in California with California residents.

      Consumer Rights

      The consumer has the right under both laws to request the deletion of his or her personal data. Furthermore, he or she has the right to know when data is being collected and what it is collected for (specific reason and it can only be used for that reason). The consumer also has the right under both laws to request to get a full report on what personal information an organization holds about them. This data is required to be received in a commonly used and easily usable format. The GDPR and the CCPA allow the consumers to ask the entities to stop processing and selling their information. The CCPA only allows to opt-out of the selling and not the collection of personal data. Under the GDPR it is different as any type of processing of the personal data can be requested to end. The CCPA establishes the right to non-discrimination for the exercise of rights. this menas that a business cannot deny consumers any goods or services, charge them different prices or provide a different level of quality if these consumers requested access or deletion of their personal informationor opted out from selling their personal data to the firm. The GDPR on the other hand does not have a clear point about this in its law.

      blog_consumerrights

      Enforcement

      The authorities to supervise the application of the law are two different ones with different power as well. For the GDPR it is the national data protection authorities which are also part of the European Data Protection Board. The CCPA is supervised by the California Attorney General. Both laws have monetary penalties in order. For the GDPR the fines are issued by a data protection authority, the fines under the CCPA, however, are issued by a court. These laws are there to protect the consumers privacy and allow individuals and also class or collective actions to be brought against any organization that breaks these laws.

      Conclusion

      With the introduction of the CCPA the hope is to strengthen the data protection rights of the residents of California. In the event of intentional breach of the CCPA's privacy obligations, the company must pay a fine of up to $ 7,500. If the company meets the consumer's demands within 30 days, a penalty can be avoided. The European GDPR and the California CCPA have many things in common. Especially the rights of those affected are very similar in the two laws. These provide the largest problem area in the implementation of the laws. Many of the experiences gained through the introduction of the GDPR can thus be partially adapted and reused. The already developed technical solutions can also be used for the CCPA.

      Outlook

      It remains to be seen whether other states will follow the Californian approach or if the US government will develop a uniform data protection system. Do not miss our next article in which we introduce you to the relevant fields of action of the CCPA and their effects and technical realization options in IT system landscapes. Do you have questions or need help with your own privacy project? Then Natuvion is the ideal contact - we are happy to assist and accompany you on your way.

      Related News

      49 percent of companies fall short of transformation goals

      Nov 15, 2022

      Study: 49 percent of...

      A study conducted by Natuvion documents that almost half of...

      Read More
      Lack of in-house expertise is a major challenge when planning a transformation project

      Nov 9, 2022

      Study: Lack of in-house...

      Natuvion has identified show stoppers of digital...

      Read More
      Study: 60 % of Digitalization Projects are Initiated by Management

      Nov 4, 2022

      Study: 60 % of...

      With its latest study, Natuvion documents top executives’...

      Read More
      EN_Downloads_SuccessStory_BMW

      Oct 25, 2022

      Pedal to the Metal:...

      With a size of more than 30 TB, the BMW Group’s SAP ECC...

      Read More
      NTT DATA acquires stake in the Natuvion Group and expands its SAP S/4HANA transformation expertise

      Aug 31, 2022

      NTT DATA acquires a stake...

      NTT DATA Business Solutions AG, the globally leading SAP...

      Read More
      EN_SuccessStory_schweizstrom_powercloud-Migration

      Aug 26, 2022

      In-Cloud Data Migration...

      schweizstrom successfully migrates its data to powercloud...

      Read More
      Near Zero Downtime: Migrations without time pressure

      Aug 23, 2022

      Near Zero Downtime:...

      Time-consuming, complex, and extensive - transformation...

      Read More
      Test systems compliant with data protection: Here's how!

      Aug 22, 2022

      Test systems data...

      Since the introduction of the GDPR, companies are required...

      Read More

      Never miss information again. Subscribe to our newsletter!