Privacy Law Comparison: GDPR vs. CCPA

We developed a full white paper that explores the differences between CCPA and GDPR, as well as how businesses can stay compliant.

When the bill for CCPA was passed in June 2018, it was instantly compared with the EU’s GDPR . This was for good reason. Both sets of regulations take a hard stance towards businesses that do not adequately protect consumer data.

They both give individuals significant rights in regards to how their data is used, and they both leave the potential for large fines to be levied at companies that don’t comply. However, the comparisons only stretch so far; there are significant differences between the two regulations. For some businesses, specifically those that only operate in one of the areas affected—either the EU or California—these distinctions may not cause problems.

These companies can focus on complying with the regulation that matters to them. For businesses that operate in both areas, however, complying with two sets of regulations will be a challenge. Especially for small companies that don’t have the budget for expensive legal or compliance departments.

Failure to adhere to the regulations, however, could be just as costly. Agencies, publishers, and other small and medium-sized businesses that operate in both the EU and California need to ensure they have an in-depth understanding of how to adhere to both sets of rules.

GDPR VS. CCPA in Numbers

£183.39 Million: The largest fine so far handed out under GDPR. Given to British Airways by the ICO for the airline’s failure to protect customer data.

$7,500: The maximum penalty per intentional violation under CCPA. Non-intentional violations are capped at $2,500.

513.5 million: Number of people residing in the EU at the start of 2019, according to Eurostat.

37 million: Number of people living in California according to the 2010 census. Around 12% of the population of the U.S.

33,089: Number of GDPR complaints submitted to the UK DPA by March 1, 2019. More than any other EU country. But fewer complaints per 100,000 of the population than Ireland.

137: The number of people businesses need to collect data on per day to be subject to CCPA. This could come from the IP address of website visitors.

January 1, 2020: The day CCPA will go into effect. Businesses operating in California will need to ensure they are compliant by this date.

8%: The percentage of U.S. businesses that said they are ready for CCPA as of July 2019 according to PossibleNow.

Download the full guide to learn key differences between CCPA and GDPR regarding cookie compliance, mobile app compliance and consumer & subject requests.