How Is CCPA Different From GDPR?

Paige Harris Mar 7, 2022 8:00:00 AM

Privacy and protection of personal information are the most important factors to consider when handling data electronically.

Anyone can now make a Data Subject Access Request (DSAR) to find out what personal information a company has collected and how it is being used. We understand that DSAR compliance isn't a walk in the park for small businesses. There are plenty of other areas business owners need to focus on to succeed.

Today we'll run through what the California Consumer Privacy Act (CCPA) entails and how it compares to the General Data Protection Regulation (GDPR).


Big Data Privacy Regulations Explained

The big difference between CCPA and GDPR is their scope. CCPA is specific to California, whereas GDPR is a data privacy law that was implemented across the European Union (EU). 

GDPR is relatively well known, dating back to 2016. And you'll find tons of GDPR website privacy policy examples online.

CCPA, on the other hand, is the first effort to protect data privacy in the United States and give people control over companies' data collection methods.

You need to know about and comply with the CCPA if you run a business in California and:

  • Generate gross revenue of over $25 million a year.
  • Receive (or buy and sell) private details about more than 50,000 Californian residents, their households or personal devices.
  • Make 50 percent of your income from selling that information.

It doesn't matter where your head office or physical registered address is. If you do business in California and hit those thresholds, CCPA applies to you.

However, you don't need to worry about GDPR if you don't have a business location in Europe and don't sell your products or services to EU customers.


How Is CCPA Changing In 2023?

CCPA is important for California businesses because it goes into effect in January 2023. However, the regulation can be backdated to any personal data collected and shared since January 2022—so you need to make any required changes now!


How Is CCPA Different From GDPR?

Let’s look at CCPA a bit closer. It provides several privacy rights for California customers, so they:

  • Can choose to opt out of the sale of their data.
  • Have the right to know what details are collected and how an organization will use them.
  • Can ask a business to delete all their data, although a few exceptions apply.
  • Are treated fairly and without discrimination if they make any requests through the CCPA rule.

GDPR and CCPA are both regulations concerning data privacy. However, we should also consider some key differences:

  • GDPR is a legal regulation covering the entire EU.
  • CCPA is only focused on data transparency in California.
  • GDPR controls what happens before a customer buys a service or visits a website.
  • CCPA helps customers see who already holds information about them and how they use it.
  • GDPR applies to data processing and protects health-related personal details.
  • CCPA doesn't apply to health-based information and doesn't impact data processing.
  • GDPR does not apply to collecting, sharing or selling personal data (only to the processing of those details).
  • CCPA isn't interested in data processing—but applies to everything else we've mentioned above.

While CCPA may be a less stringent privacy regulation, there are a few things to consider when you're working out how to comply.

For example, you need to publish a CCPA policy and update it every twelve months.

If keeping track of the myriad of privacy laws is overwhelming, we have the solution for you. Enzuzo is a trusted privacy partner, who will make it easy to work your way through the changing regulations, be confident in your compliance, and protect your customers at every turn.

Check out our vast range of privacy tools and be CCPA-compliant well before January 2023 ticks around.
