Most Trusted GDPR Analytic Platform
The GDPR aims at creating a new legal framework for the use of personal data in Europe Union, both online and offline, in the private and public sectors.
Our Best Users Are all
over the Worldwide
The General Data Protection Regulation, a modernized version of the long-standing Data Protection Directive, was adopted by the European Commission in 2016. (GDPR). The EU Charter of Fundamental Rights, which serves as the foundation for the GDPR, recognizes the protection of personal information as a fundamental human right.
The goal of the GDPR is to guarantee the security of personal data by emphasizing human rights and enabling secure data movement both within and between states. The GDPR is currently regarded as one of the world's greatest legal frameworks for data protection and privacy.
15
k+
Comapnies Who Have Joined
€45
M+
Data Protected By Us
5
k+
Pending verification for business
Crypto Market Live Price
A new era for privacy and data protection began with the adoption of the General Data Protection Regulation (GDPR) by the European Union. Legislators from all across the world were aware that their citizens would eventually start calling for legislation with a comparable breadth and efficacy. The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act were both largely inspired by this viewpoint (CPRA).
When the European Union passed the General Data Protection Regulation (GDPR), it heralded a new age for data protection and privacy. Legislators across the world knew it was only a matter of time before their citizens started demanding something similar in scope and effectiveness. That is primarily the sentiment that led to first the California Consumer Privacy Act (CCPA) and then the California Privacy Rights Act (CPRA).
With nearly a year having passed since CPRA and two since CCPA, most consumers still don’t understand what sets these two pieces of legislation apart from GDPR and what’s similar. There are some key differences between the three, while the core principles remain intact. For a clearer understanding, read below:
GDPRThe European Union (EU)’s General Data Protection Regulation (GDPR) is the most comprehensive regulation created dealing with consumer’s data privacy. It is inevitable that all subsequent regulations on the subject in Europe and elsewhere would draw comparisons between the GDPR and CCPA/CPRA. | |
|---|---|
Rights of Customers | To begin with, the GDPR has an incredibly expansive list of rights that all consumers have. These include the right to be informed, right to erasure, the right to restrict data processing, the right to data rectification, the right to object to data portability, right to access, and the right to know if their information is being used for any sort of profiling among several other rights. Perhaps the biggest difference between GDPR and CCPA/CPRA is the opt-in vs. opt-out consent requirements. In other words, as per the GDPR, businesses need to have a lawful basis for processing any sort of customer data – and if the lawful basis is consent, then data subjects must opt-in to agree to the processing. On the other hand, in CCPA/CPRA, businesses are allowed to process consumer personal information for any purpose they want unless the consumer exercises their right to opt-out of having their personal information sold to or shared with third parties. |
Scope | Firstly, entities covered under the GDPR include both for-profit and nonprofit entities – including government bodies – which process the personal data of data subjects within the EU. CCPA/CPRA only applies to for-profit businesses which conduct business in California and cater to at least 100,000 customers or households, have € 25 million or more in gross revenues or make 50% or more of their gross revenue by sharing/selling consumers’ personal information. The GDPR covers almost all forms of personal data while the CCPA/CPRA is specific about the exclusion of certain personal information from its scope such as medical information, clinical trials information, financial information covered under the Gramm-Leach-Bliley Act, and personal information covered under the Driver’s Privacy Protection Act. |
Enforcement Agency | Since coming into effect across the EU in May 2018, the Information Commissioner’s Office (ICO) has been the primary enforcement body. In 2019, it was announced that despite the United Kingdom’s decision to leave the EU, ICO would continue to enforce GDPR laws across the UK. |
Penalties | Under GDPR, non-compliance and data breaches can result in fines as high as 20 million euros or 4% of the violating company’s annual global turnover – whichever amount is higher. Under CCPA/CPRA unintentional violations can lead to administrative fines of € 2500 per violation and intentional violations can lead to fines of € 7500 per violation. |
CCPAThe CCPA legislation was a landmark for data privacy and protection when it was passed in 2018. For consumers in California, it was the first real piece of legislation that provided them the right to privacy they merited in the 21st century. However, in hindsight, a clear room for improvement can be seen. Especially after the CPRA was approved less than a year later. | |
|---|---|
Rights of Customers | Under CCPA, all California residents have the right to opt-out of third-party data sales, the right to be informed of data collection and rights, the right to have collected data disclosed, the right to have collected data deleted, and the right to equal services and prices without discrimination. |
Scope | The CCPA only affects for-profit entities. It went to the length of describing what qualifies as a business with further expansion on that definition by the CPRA. Furthermore, while both the GDPR and CCPA regulations require businesses to inform users when their data is being collected, sold, or disclosed, the GDPR is significantly more thorough. The CCPA requires users to be informed how their data was used every 12-months, while the GDPR requires this to be done within one month. Additionally, the CCPA requires all third parties to inform users if they’ve obtained their information while the GDPR requires all of that plus the reason why their data was obtained in the first place. |
Enforcement Agency | The CCPA is enforced by the California Office of the Attorney General (OAG). The Attorney General’s office is responsible for prescribing appropriate fines and penalties for entities found in violation of CCPA rules. |
Penalties | The CCPA only levies penalties after a breach occurs. Non-compliance does not result in any sort of fine at all. The penalties involved are as follows:
|
CPRAThe best way to describe CPRA would be that it can be considered a more comprehensive version of the CCPA. There are several key areas where it expands on the CCPA’s provisions. | |
|---|---|
Rights of Customers | Under CPRA, all consumers in California have the right to limit a business’s use and disclosure of sensitive information. Additionally, they maintain the right to direct the business to use such information when absolutely necessary. Other than that, all businesses have to provide a clearly visible banner on their website homepage titled “Limit the Use of My Sensitive Personal Information.” with a proper link to a page that would allow them to do so. |
Scope | CPRA amended the criteria for what qualifies as a “Business”. While the CCPA described a business as an entity that buys, sells, or shares the personal information of 50,000 consumers, CPRA ups the threshold to 100,000. Moreover, the CPRA added the term, “sharing” to the CCPA’s criteria of a business deriving 50% or more of its annual revenue from selling consumers’ personal information. Other than that, the CPRA introduced an entirely new category of protected data: sensitive personal information (SPI). This provision is fairly similar to the GDPR’s Article 9. As a result, consumers have a right to ask a business’ website to limit the use of their sensitive personal information if they fall under CPRA regulations. Other provisions the CPRA has adopted from the GDPR include data minimization, purpose limitation, and storage limitation. Unlike the CCPA, these provisions are codified parts of the official CPRA regulation. |
Enforcement Agency | The CPRA created an entirely new authority responsible for enforcing it. The CPRA will be enforced by the California Privacy Protection Agency (CPPA), with absolute investigative and enforcement powers. |
Penalties | Same penalties as prescribed by the CCPA. An additional € 7,500 fine in case the consumer privacy rights of a minor are violated. Businesses can avoid the fines if they address and rectify the issues within a 30-day period after being notified by the Attorney General. |
Conclusion
There are still certain aspects of the CPRA that won’t come into effect until January 1, 2023. Most companies will spend 2021 and 2022 laying their infrastructural groundwork for CPRA compliance.
Seeing how their counterparts in the EU have dealt with the GDPR could be key in ensuring a smooth transition. With CPRA requiring businesses to structure their data collection in accordance with the new regulation, this is where Securiti could be just what you need.
As a leader in global privacy compliance software, Securiti harnesses the power of artificial intelligence and machine learning to provide businesses the ability to automate a significant portion of their compliance tasks. Through its AI-driven data discovery, DSR automation, documented accountability, and automation you can become CPRA compliant with a simple click of a button.
Start Your GDPR Data Protection Scaning
In a time when more people are entrusting their personal data with cloud services and breaches are occurring on a daily basis, Europe is signaling with the GDPR its tough stance on data privacy and security.
Our Motivated Compliance - Data Protection Team
Single user or enterprise-wide options are available as an annual subscription. Compare duties with no fuss and no ties, such as those relating to permission, data transfers, breach response, direct marketing, cookies, employment circumstances, and territorial scope.
Leslie Alexander
Compliance Director
John Smith
Comliance Officer
Kenneth L. Wood
Crypto Comliance Officer
William Ross
Cyber Compliance Officer
How it All Started
The annual subscription for Network Gate Data Privacy allows for an infinite number of users throughout an organization.
What They Say About Us
Daily horizon scanning alerts can help you stay on top of developments. Access aggregated international viewpoints on Schrems II, breach response, sanctions, and privacy legislation in development.
“You don’t have to be constantly searching the web to get price updates. Just use our coin calculator and simply get the desired result with a simple click.”
Leslie Alexander
Product Designer“You don’t have to be constantly searching the web to get price updates. Just use our coin calculator and simply get the desired result with a simple click.”
Maxine Butler
Manager“You don’t have to be constantly searching the web to get price updates. Just use our coin calculator and simply get the desired result with a simple click.”
Hugh Saturation
UX DesignerNetwork Gate Recent Posts
Network Gate Data Privacy is a user-friendly tool that offers a useful examination of data privacy legislation in important international markets. The analysis is easily accessible online, user-friendly, and maintained by a committed group of experienced lawyers. Access to sources is provided, along with contact information and memoranda from local lawyers.
Safeguarding the Future: Cryptography and Blockchain in Modern Cyber security
In the realm of modern cyber security, ...
Tomas Manas
Securing Innovation: Cyber security Imperatives for Fintech and Tech Companies
As the fintech and tech sectors continue ...
Global Cyber security Imperatives: Country-specific Frameworks and Policies for Government Authorities and Banks
In an interconnected world, the threat landscape ...
Also Available on IOS
& Android
We collaborate with top attorneys from across the world to negotiate a thorough memorandum of law that is made public in its whole as well as through colored extracts.
