
CCPA vs. GDPR


ABOUT GDPR

GDPR distills data privacy law and regulation in the European Union (EU). It relates to the processing and controlling of personally identifying data and applies to entities that hold or monitor personal data.

What is GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
GDPR’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
GDPR also addresses the transfer of personal data outside the EU and EEA areas.

When did GDPR come into effect?

GDPR came into effect on May 25th, 2018.

Data Processor vs Data Controller

A controller is the entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

Regulation vs Directive

A regulation is a binding legislative act that must be applied in its entirety across the EU. A directive is a legislative act that sets out a goal that all EU countries must achieve, but it is up to the individual countries to decide how. It is important to note that the GDPR is a regulation, in contrast to the previous legislation, which was a directive.

Who does GDPR Apply to?

GDPR applies to any enterprise, regardless of its location and the data subjects’ citizenship or residence, that is processing the personal information of individuals inside the EEA.

What are the consequences of non-compliance with GDPR?

In addition to complaints lodged with a supervisory authority, noncompliance may also result in judicial remedy.
• Up to 4% of annual global revenue of the preceding fiscal year, OR
• Euro 20 million (whichever is higher)

What are the GDPR Fields?

GDPR fields allow the efficient collection, storage and tracking of consent from your contacts, while recording the field and consent text.
GDPR fields can be used as check boxes for contacts to opt in to your marketing.

Tactical steps for GDPR Compliance

Security of Processing

• Asset & Vulnerability Management
• Data Management
• Logical Access
• Physical Access
• Risk Assessment
• Policy Management
• Third Party Management
• Incident Management

Rights Management

Privacy

Breach Notification Management

ABOUT CCPA

What is CCPA?

CCPA stands for the California Consumer Privacy Act of 2018. CCPA aims to protect the Personal Information of Consumers in California. Personal information includes anything identifying, relating to, or associated with a consumer or household in California.

When does CCPA go into effect?

CCPA became effective on January 1st, 2020.

Who does CCPA apply to?

The CCPA and its regulations apply to entities (and entities that control or are controlled by a business) that do business in California and meet at least one of the following thresholds:
• Annual gross revenue over US $25 million.
• Holding data containing personal information of 50,000 or more Californian consumers, households or devices.
• Derives 50% or more of its annual revenues from selling consumers’ personal information.

How to implement CCPA?

CCPA requires:
• Privacy notice disclosing to Consumers how their Personal Information is collected, used and shared and how to exercise CCPA rights.
• At least two mechanisms for Consumers to submit requests for information about, access to, or deletion of their Personal Information, unless the business has a direct relationship with consumers and operates exclusively online (email address only).
• The ability for Consumers to opt out of the sale of their Personal Information.
• Training

What are the CCPA Consumer Rights?

1. The right to know
2. The right to access
3. The right to delete
4. The right to opt out

CCPA vs GDPR

Features GDPR CCPA
Controllers and Processors
Employees and B2B personnel captured
Access Rights
Information Rights
Portability
Deletion
Rectification
Restrict Processing
Object to Automatic Processing
Opt Out
Mechanism mandate for individual rights requests

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices