CCPA vs. GDPR: Key Differences and Compliance Guide

1. CCPA GDPR VS Global Compliance Guide Explore the key differences between GDPR and CCPA regulations WHAT IS THE GDPR? WHAT IS THE CCPA? Overview and Deadlines The Eu’s General Data Protection Regulation. Effective May 25, 2018. The California Consumer Privacy Act. Effective January 1, 2020. How it Affects You The GDPR affects companies that: The CCPA affects companies that: Collect or store data from EU citizens or residents Buy, share, or sell data from at least 50K California citizens Operate outside of the EU, yet offer goods or services to EU citizens Earn more than 50% of revenue from the sale of personal data Monitor the behavior of persons within the EU Have an annual revenue of $25M+ Non-compliance Penalties GDPR maximum penalty: 4% of global annual turnover or €20 million – whichever is higher. CCPA maximum penalty: up to $2,500, increasing to $7,500 for each intentional violation. CCPA vs. GDPR: Similarities Companies do not have to be based in the EU to be bound by the GDPR. Companies do not need to be in California to be bound by the CCPA. Business Location GDPR and CCPA: Businesses must comply with a customer’s request to access their data. Consumer Access Both California-based and EU-based customers can request companies to delete their personal information from the organization’s database. Erasure 91% of customers trust companies that are transparent about how they use customer data. Both GGPR and CCPA compliance can help you build this trust. Consumer Trust CCPA vs. GDPR: Know the Difference OPT-OUT Both CCPA AND GDPR require businesses to attain customer consent, but in different ways Businesses must provide a “Do Not Sell My Personal Information” option. Customers can opt-out from 3rd-party information sharing. Opt-in consent is required. Customers must agree to share their information before it can be collected. MINORS Both CCPA AND GDPR regulations feature unique rules for collecting information from minors. For children under 13, businesses must obtain parental consent before collecting their children’s data. Minors under age 16 need parental consent. Member states of the EU can lower this age to 13 for their regions. DAMAGES Here’s how CCPA and GDPR fees for damages differ. Fees for data breach damages are not less than $100 and not greater than $750 per consumer per incident (or actual damages, whichever is greater). Fee amount is based on 10 criteria including intention, mitigation, prevention, history of offences, cooperation, data type, notification, certification, other mitigating factors. TRANSPARENCY CCPA and GDPR have different data collection transparency rules. The CCPA requires that you tell customers: The GDPR requires that you tell customers: What your business does What TYPES of information you’re collecting How they can CONTACT you For what PURPOSE you’re collecting data Why you’re PROCESSING personal data SPECIFICS of what is being collected What TYPES of data you collect and how long you’ll store it DISCLOSURE of where data is being shared DISCLOSURE of where data is being shared Costs: Compliance vs. Non-Compliance Compliance technology can help save you millions of dollars by keeping your company up to date. Here are average costs (non-specific to CCPA or GDPR). Non- Compliance Fallout Average cost is $1.34M USD Annual average cost is $14.8M USD Compliance Technology IT’S A WAR OUT THERE 60% of companies fail within six months due to post-breach fallout. Don’t wait for that to happen to you. The time for a compliance-ready solution is now. ABOUT LOGINRADIUS LoginRadius empowers businesses to deliver a delightful customer experience without compromising security. Using our customer identity platform, companies can offer a streamlined login process while protecting digital accounts and complying with data privacy regulations. © LoginRadius Inc | www.loginradius.com