Regulation GDPR CCPA
Enforcement Date May 25th, 2018 Jan 1st, 2020
Who needs to comply Any Business that collects or processes the data of EU citizens and residents Any business storing or processing California residents’ information
Penalties Upto 4% of the Company Annual Gross Revenue or 20M euros $7500 per incident, per person
Opt-out Right for Personal Information Sale GDPR does not include a specific right to opt-out of personal data sales Must include a “Do not sell my personal information” link in a clear and conspicuous location on a website homepage.
Must not request reauthorization to sell a consumer’s personal information for at least 12 months after the person opts-out
Children GDPR default age for consent is 16, although individual member state law may lower the age to no lower than 13 Children aged 13-16 can directly provide consent. Children under 13 require parental consent.
Children’s Online Privacy Act (COPPA) still apply on top of the CCPA’s requirement
Right to Disclosure Data Subjects have a right to access their personal data, including receiving a copy and to obtain certain information about the data controller’s processing Consumers have a right to request disclosure of their personal information, and to receive additional details regarding the personal information a business collects and its use purposes, including any third parties with which it shares information
Right to Deletion/Erase Data Subjects have the right to request erasure of personal data A consumer has the right to deletion of personal information a business has collected, subject to certain exceptions
Right to Restrict Processing Right to restrict processing of personal data, under certain circumstances None, other than right to opt-out of personal information sales