GDPR distills data privacy law & regulation in the European Union (EU). It relates to processing and controlling personally identifying data and is applicable to entities holding or monitoring personal data.
What is GDPR?
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
GDPR’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
GDPR also addresses the transfer of personal data outside the EU and EEA areas.
When did GDPR come into effect?
GDPR came into effect on May 25th, 2018
Data Processor vs Data Controller
A controller is the entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.
Regulation vs Directive
A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how. It is important to note that the GDPR is a regulation, in contrast to the previous legislation, which is a directive.
Who does GDPR Apply to?
Any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of individuals inside the EEA
What are the consequences of non-compliance with GDPR?
In addition to Lodging complaints with a supervisory authority, noncompliance may also result in judicial remedy.
• Up to 4% of annual global revenue of preceding fiscal year OR
• Euro 20 million (Whichever is higher)
What are the GDPR Fields?
GDPR fields allow the efficient collection, storage and tracking of consent from your contacts; while recording the field and consent text.
GDPR fields can be used as check boxes for contacts to opt in to your marketing.
Tactical steps for GDPR Compliance
Security of Processing
• Asset & Vulnerability Management
• Data Management
• Logical Access
• Physical Access
• Risk Assessment
• Policy Management
• Third Party Management
• Incident Management
Breach Notification Management
What is CCPA?
CCPA stand for the California Consumer Privacy Act of 2018. CCPA aims to protect the Personal Information of Consumers in California. Personal information includes anything identifying, relating to, associated with a consumer or household in California.
When does CCPA go into effect?
CCPA became effective on January 1st, 2020.
Who does CCPA apply to?
The CCPA and its regulations apply to entities (and entities that control or are controlled by
a business) that do business in California and meet at least one of the following thresholds:
• Annual gross revenue over US $25-million.
• Holding data containing personal information of 50,000 or more Californian consumers, households or devices.
• Derives 50% or more of its annual revenues from selling consumers’ personal information.
How to implement CCPA?
• Privacy notice disclosing to Consumers how their Personal Information is collected, used and shared and how to exercise CCPA rights.
• At least two mechanisms for Consumers to submit requests for information about, access to,
or deletion of their Personal Information, UNLESS business has direct relationship with consumers and operates exclusively online. (Email address only)
• The ability for Consumers to opt out of the sale of their Personal Information.
What are the CCPA Consumer Rights?
1. The right to know
2. The right to access
3. The right delete
4. The right to opt out
CCPA vs GDPR
|Controllers and Processors|
|Employees and B2B personnel captured|
|Object to Automatic Processing|
|Mechanism mandate for individual rights requests|