California Privacy Act Vs. The General Data Protection Regulation

September 4, 2018 Kevin Kish

Organizations across the globe are making their way back to the ‘war room’ to analyze how one of the most comprehensive data privacy laws sweeping the US, the California Consumer Privacy Act of 2018 (“CCPA”), applies to them. The CCPA, approved on June 28th, 2018, was designed to give consumers (i.e. Californians) control over the use, including the sale, of their personal information. Conceptually, it has characteristics similar to the European Union’s data protection regulation, including its ability to be enforced on a global platform.

While both privacy acts have a similar intent, the CCPA certainly has its own set of specific characteristics that set it apart from its European equivalent. And although many of the general provisions appear to be borrowed from the GDPR and other global privacy practices, organizations will need to carefully evaluate any decision to apply previously developed policies, procedures, or processes to meet California’s new privacy provisions.

In this article, we look at California’s new Consumer Protection Act (CCPA) in comparison to the EU General Data Protection Regulation. The aim is to identify certain similarities and differences between the two standards to help strategize an organization’s effort to achieve compliance.

Before you set out to solidify your compliance strategy, be sure to check on the latest developments issued by the State to ensure that your understanding of the Act remains consistent with the AG’s guidance and expectations.

To answer the big question of the hour, "Can you rely on GDPR to satisfy the requirements of CaCPA?", we have put together an in-depth guide that answers that question and more as it relates to the CaCPA and GDPR:

California Privacy Act Vs. The General Data Protection Regulation

About the Author

Kevin Kish

Kevin Kish is a Director of Privacy Compliance at Schellman. With 10 years of industry experience, Kevin has a strong history of implementing, maintaining, and assessing global information security and privacy requirements, including ISO 27001, HITRUST, Privacy Shield, and the General Data Protection Regulation (GDPR). As an industry advocate, he is passionate about researching and writing on the concepts of adaptable data privacy and providing education to clients on the risks, challenges, and best practices around data privacy legislation. He holds several privacy certifications from the International Association of Privacy Professionals (IAPP), including CIPP/US, CIPP/E, and CIPM.
