Organizations across the globe are making their way back to the ‘war room’ to analyze their applicability against one of the most comprehensive data privacy laws sweeping the US, the California Consumer Privacy Act of 2018 (“CaCPA”). The CaCPA, approved on June 28th, 2018, was designed to give consumers (i.e. Californians) control over the use, including the sale, of their personal information. Conceptually, having similar characteristics to the European Union’s data protection regulation, including its ability to be enforced on a global platform.
While both privacy acts have a similar intent, the CaCPA certainly has its own set of specific characterizations that sets it apart from its European equivalent. And although it appears that many of the general provisions appear to be borrowed from the GDPR and other global privacy practices, organizations will need to carefully evaluate decisions to apply previous developed policies, procedures, or processes to meet California’s new privacy provisions.
In this article, we look at California’s new Consumer Protection Act (CaCPA) in comparison to the EU General Data Protection Regulation. The aim is to help identify certain similarities and differences between the two standards to help strategize an organizations effort in achieving compliance.
Before you set out to solidify your compliance strategy, be sure to check on the latest developments issued by the State to ensure that your understanding of the Act remains consistent with the AG’s guidance and expectations.
In order to answer the big question of the hour: "Can you rely on GDPR to satisfy the requirements of CaCPA?" we have put together an in depth guide to answering that question and more as it relates to the CaCPA and GDPR:
About the Author
Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. Prior to joining Schellman, Kevin worked as a IT Compliance Manager, specializing in IT Security and Data Privacy compliance frameworks, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As a Senior Associate with Schellman, Kevin is focused primarily on data protection laws for organizations across various industries.More Content by Kevin Kish