California Privacy Act Vs. The General Data Protection Regulation

September 4, 2018 Kevin Kish

Organizations across the globe are making their way back to the ‘war room’ to analyze how one of the most comprehensive data privacy laws sweeping the US, the California Consumer Privacy Act of 2018 (“CaCPA”), applies to them. The CaCPA, approved on June 28th, 2018, was designed to give consumers (i.e. Californians) control over the use, including the sale, of their personal information. Conceptually, it has characteristics similar to the European Union’s data protection regulation, including its ability to be enforced on a global platform.

While both privacy acts have a similar intent, the CaCPA certainly has its own set of specific characteristics that set it apart from its European equivalent. And although many of the general provisions appear to be borrowed from the GDPR and other global privacy practices, organizations will need to carefully evaluate any decision to apply previously developed policies, procedures, or processes to meet California’s new privacy provisions.

In this article, we look at California’s new Consumer Protection Act (CaCPA) in comparison to the EU General Data Protection Regulation. The aim is to identify certain similarities and differences between the two standards to help strategize an organization’s effort in achieving compliance.

Before you set out to solidify your compliance strategy, be sure to check on the latest developments issued by the State to ensure that your understanding of the Act remains consistent with the AG’s guidance and expectations.

To answer the big question of the hour, "Can you rely on GDPR to satisfy the requirements of CaCPA?", we have put together an in-depth guide that addresses that question and more as it relates to the CaCPA and GDPR:

California Privacy Act Vs. The General Data Protection Regulation

About the Author

Kevin Kish

Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. Prior to joining Schellman, Kevin worked as an IT Compliance Manager, specializing in IT Security and Data Privacy compliance frameworks, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As a Senior Associate with Schellman, Kevin is focused primarily on data protection laws for organizations across various industries.
