CCPA vs GDPR Comparison

Regulation	GDPR	CCPA
Enforcement Date	May 25th, 2018	Jan 1st, 2020
Who needs to comply	Any Business that collects or processes the data of EU citizens and residents	Any business storing or processing California residents’ information
Penalties	Upto 4% of the Company Annual Gross Revenue or 20M euros	$7500 per incident, per person
Opt-out Right for Personal Information Sale	GDPR does not include a specific right to opt-out of personal data sales	Must include a “Do not sell my personal information” link in a clear and conspicuous location on a website homepage. Must not request reauthorization to sell a consumer’s personal information for at least 12 months after the person opts-out
Children	GDPR default age for consent is 16, although individual member state law may lower the age to no lower than 13	Children aged 13-16 can directly provide consent. Children under 13 require parental consent. Children’s Online Privacy Act (COPPA) still apply on top of the CCPA’s requirement
Right to Disclosure	Data Subjects have a right to access their personal data, including receiving a copy and to obtain certain information about the data controller’s processing	Consumers have a right to request disclosure of their personal information, and to receive additional details regarding the personal information a business collects and its use purposes, including any third parties with which it shares information
Right to Deletion/Erase	Data Subjects have the right to request erasure of personal data	A consumer has the right to deletion of personal information a business has collected, subject to certain exceptions
Right to Restrict Processing	Right to restrict processing of personal data, under certain circumstances	None, other than right to opt-out of personal information sales

AboutSecuvy Inc

Secuvy's cloud based platform helps businesses automate Data Privacy, Security and Governance. Visit our website for more information: https://secuvy.ai/