GDPR and CCPA Introduction The EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) took effect on May 25, 2018 and replaced the EU Directive and its member state implementing laws. On June 28, 2018, California became the first U.S. state with a comprehensive consumer privacy law when it enacted the California Consumer Privacy Act of 2018 (CCPA), which becomes effective January 1, 2020, with some exceptions (Cal. Civ. Code §§ 1798.
CCPA Introduction California Consumer Privacy Act of 2018 (CCPA), which becomes effective January 1, 2020, with some exceptions (Cal. Civ. Code §§ 1798.100-1798.199). Given their comprehensiveness and broad reach, each law may have a significant impact on entities that collect and process personal data. The CCPA grants California residents new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. While it incorporates several GDPR concepts, such as the rights of access, portability, and data deletion, there are several areas where the CCPA requirements are more specific than those of the GDPR or where the GDPR goes beyond the CCPA requirements.
What Is the GDPR? The General Data Protection Regulation (GDPR) is a major law established in 2018 by the European Union (EU) to protect personal data. The law in the European Economic Area (EEA)—that’s the EU plus Iceland, Liechtenstein, and Norway—recognizes data protection as a fundamental right. The GDPR is the most comprehensive data protection law in the world, and it applies to every company that is based in the EEA and/or offers its goods or services to or monitors the behavior of individuals in the EEA.
Right To Non-Discrimination Per the California Consumer Privacy Act (CCPA), businesses cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA. However, if you refuse to provide your personal information to a business or ask it to delete or stop selling your personal information, and that personal information or sale is necessary for the business to provide you with goods or services, the business may not be able to complete that transaction.
Introduction What Is Privacy by Design? Today, privacy is not only an ethical imperative, but also a basic human right. And Privacy by Design is a way of reinforcing that human right. Privacy by Design is the concept of building privacy into everything we do. In our interconnected world, where personal information is shared freely, privacy is more important than ever. Inherent in the concept of Privacy by Design is the feature of Privacy by Default, which means that the strictest privacy settings should apply by default to business activities and processes, without any action required from the end user.