How Do I Leverage My GDPR Preparation For CCPA? Part V

2 Mins read

Continued from part III & IV

The CCPA requires all businesses with customers in California to disclose personal information they store, the purpose of storing that information, and with whom that information is shared or to whom sold. The five new rights that have been awarded to Californians by CCPA:

  • A right to know what personal information is being collected about them;
  • A right to know whether their personal information is sold or disclosed and to whom;
  • A right to say no to the sale of personal information;
  • A right to access their personal information; and
  • A right to equal service and price, even if they exercise their privacy rights.

Data Privacy Officers, Privacy Staff, Consultants, HR, Legal, etc. find it very useful to have a handy comparison between GDPR and CCPA to identify additional efforts required to implement CCPA.

The last blog detailed the CCPA – Personal Information Categories and included the Comparison Between the GDPR and CCPA for a Few Selective Categories such as Law Applies To, Protects, Protected Information, and Security. Below is the continuation:

Law applies toRefer to blog Part III –
Protected Information
Anonymous, Deidentified, Pseudonymous, or Aggregated Data  Refer to last blog Part IV:  
Privacy Notice / Information Right
Opt-Out Right for Personal Information Sales
Right of Disclosure or AccessIndividuals have the right to access their personal data, which includes receiving a copy or to obtain certain information about the data controller’s processing. This is commonly referred to as subject access. Individuals can make a subject access request verbally or in writing.Corporations cannot charge a fee to deal with a request in most circumstances.Consumers have a right to request disclosure or access to their personal information.   To receive additional details regarding the personal information a business collects and its use purposes, including any third parties with which it shares information.
Right of Data PortabilityThe right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Receive a copy of the personal data in a commonly used and machine-readable format.It allows them to move, copy or transfer personal data easily from one IT environment to another.Transmit the personal data to another data controllerThe right only applies to information an individual has provided to a controller.In response to a request for disclosure, a business must provide personal information in a readily useable format   Consumer can transmit the information from one entity to another entity without hindrance.
Right to Deletion / Erasure (The Right to be Forgotten)The GDPR introduces a right for individuals to request erasure of personal data under six circumstances (the right to be forgotten).Individuals can make a request for erasure verbally or in writing.The right is not absolute and only applies in certain circumstances.Data controllers must also take reasonable steps to inform any other data controllers also processing the data.A consumer has the right to deletion of personal information a business has collected, subject to certain exceptions.   The business must also instruct its service providers to delete the data.
Right of RectificationThe GDPR includes a right for individuals to:Correct inaccurate personal data.Complete incomplete personal data.An individual can make a request for rectification verbally or in writing.In certain circumstances you can refuse a request for rectification.This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).None

Source: Thomson Reuters & ICO

Continued from part III –

Continued from part IV –

Related posts

Prevention, Detection, and Recovery from Cyberattacks Part III

2 Mins read
Is Zero Trust a model for effective and efficient security? We are adding a third blog post in the series of Prevention, Detection, and Recovery…

Everything You Need to Know About DoD CMMC - CMMC Introduction

2 Mins read
In March 2020, Visser Precision Manufacturing confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data.” Visser…

Everything You Need to Know About DoD CMMC - CMMC Background

2 Mins read
In March 2020, Visser Precision Manufacturing confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data.” Visser…

Leave a Reply

Your email address will not be published. Required fields are marked *