Updated: November 30, 2023
Published: May 14, 2020
The European Union’s General Data Protection Regulation (GDPR) kicked off what would be a rolling introduction to more data privacy regulations across the globe. While countries and states can pass their own standards to protect their residents, the new and changing policies make it difficult for organizations to keep track of their responsibilities.
We’re going to break down two of the most well-known and pressing regulations, the GDPR and the California Consumer Privacy Act (CCPA), to give you a bit more clarity. The general premise of these regulations is the same, to protect consumers’ right to privacy, but they differ in their requirements and in who is affected. There are detailed nuances to both, but the following chart should give you a good overview of their key differences.
| | GDPR | CCPA |
| --- | --- | --- |
| Date | Implemented on May 25, 2018 | Implemented on January 1, 2020 |
| Affected entities | Affects any organization inside or outside of the EU that offers goods or services to or monitors the behavior of EU subjects. | Affects certain organizations inside or outside of California that do business with a California company, have California resident customers, or collect any personal data of a California resident for any purpose. Regulated companies have gross revenue greater than $25M, handle personal data of more than 50,000 consumers for commercial purposes, or derive 50% or more of their annual revenues from selling consumers’ personal data. |
| Representation | Requires most companies outside of the EU to designate an EU representative if they don’t have a presence in the EU and process personal data of EU residents. | There is no similar representative requirement. |
| Fines | Lesser violations result in up to 10 million euros ($10.8M USD) or up to 2% of the firm’s worldwide annual revenue from the previous fiscal year, whichever is higher. More severe violations can be up to 20 million euros ($21.6M USD) or up to 4% of the firm’s worldwide annual revenue from the preceding fiscal year, whichever is higher. | Civil penalties (violations lacking intent) are $2,500 for each violation. Intentional violations are $7,500 each after notice and a 30-day opportunity to remedy. |
| Security | Requires data controllers and processors to implement satisfactory technical and organizational measures to ensure adequate security of data. | Does not define or impose data security requirements, but it does give consumers a right of action if a security breach occurs. |
| Opt-out Rights | No right to opt out of personal data sales, but it does provide consumers the right to opt out of processing data for marketing purposes and withdraw consent to process personal data. | Organizations must provide a clearly visible option for consumers to opt out of the sale of their personal data, and if they request “Do Not Sell My Personal Information”, the organization cannot ask again for another 12 months. |
| Rectification Rights | Data subjects have the right to request that an organization corrects any incorrect or incomplete personal data. | No right of rectification. |
| Age of consent | Age for consent is 16 and parents must consent for children under 16. Organizations must still provide an age-appropriate privacy notice to the child and implement increased security measures to protect their personal data. | Age of consent is 13 and parents must consent for children under 16. All provisions in the federal Children’s Online Privacy Protection Act (COPPA) still apply. |
We only highlighted the most contrasting requirements between the GDPR and the CCPA, but there are other factors that play into how your organization may or may not need to comply. There are also more data privacy regulations on the horizon. Not only will there likely be ongoing modifications to the GDPR and the CCPA, but other countries and states are poised to introduce their own set of standards in the near future.
This growing web of laws puts organizations in the precarious situation of having to keep track not only of where and with whom they do business but also of all the new and changing privacy laws across the board. Without a global data privacy regulation that offers consistent rules, compliance will remain a continuous battle.
Fortunately, organizations can automate consent management, vendor risk monitoring, privacy policy change management, and privacy law changes across the globe - all with only a single line of JavaScript. Osano Products make compliance with data privacy laws simple, while also providing you with a way to monitor your vendors to ensure your supply chain isn’t putting you at risk. From subject rights to GDPR representatives, Osano is here to help you get and stay compliant.
For more detailed information about GDPR, check out our guide. If you'd like to learn more about the CCPA, we have a guide for that too.
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.