How Do I Leverage My GDPR Preparation For CCPA? Part VI

2 Mins read

Continued from the part III –

Continued from the part IV –

Continued from the Part V –

The CCPA requires all businesses with customers in California to disclose personal information they store, the purpose of storing that information, and with whom that information is shared or to whom sold. The five new rights that have been awarded to Californians by CCPA:

  • A right to know what personal information is being collected about them;
  • A right to know whether their personal information is sold or disclosed and to whom;
  • A right to say no to the sale of personal information;
  • A right to access their personal information; and
  • A right to equal service and price, even if they exercise their privacy rights.

Data Privacy Officers, Privacy Staff, Consultants, HR, Legal, etc. find it very useful to have handy comparison between GDPR and CCPA to identify additional efforts required to implement CCPA.

Below is the continuation of the Comparison Between the GDPR and CCPA.

Law applies toRefer to blog Part III –
Protected Information
 Anonymous, Deidentified, Pseudonymous, or Aggregated Data  Refer to blog Part IV:  
Privacy Notice / Information Right
Opt-Out Right for Personal Information Sales
Right of Disclosure or AccessRefer to blog Part V:
Right of Data Portability
Right to Deletion / Erasure (The Right to be Forgotten)
Right of rectification
Right to Restrict ProcessingIndividuals have the right to request the restriction or suppression of their personal data in certain circumstances. When processing is restricted, you are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing.None, other than the right to opt-out of personal information sales.
Right to Object to ProcessingThe GDPR gives individuals the right to object to the processing of their personal data for direct marketing or there is a compelling reason for doing so.An individual can make an objection verbally or in writing.None, other than the right to opt-out of personal information sales.
Right to Object to Automated Decision-MakingThe GDPR has provisions on automated individual decision-making (deciding solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). which has legal or other significant effects on the data subject, subject to certain exceptions.The GDPR applies to all automated individual decision-making and profiling.  None
Responding to Rights RequestsA data controller must: „„Verify the identity of a data subject before responding to a request.A business must: „„Comply with a verifiable consumer request (as defined in Cal. Civ. Code § 1798.140(y)). potentially extendable once for another 45 or 90 days on customer notification.  
Penalties (Private Rights of Action)declaratory relief.
Penalties (Civil Fines)

  Source: Thomson Reuters & ICO

Related posts

Everything You Need to Know About DoD CMMC - CMMC Background

2 Mins read
In March 2020, Visser Precision Manufacturing confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft…

GDPR & Sales Team

2 Mins read
The article below is important for every small business including Sales and Marketing team who generate leads and close the deals. Three…

How Do I Leverage My GDPR Preparation for CCPA? Part III

4 Mins read
The GDPR team has new challenges with the California Consumer Privacy Act (CCPA) compliance and many more to come from other states….

Leave a Reply

Your email address will not be published. Required fields are marked *