Leveraging What You Know About GDPR for CCPA Compliance
The California Consumer Protection Act bears a resemblance to the GDPR, but there are significant differences. The article discusses how to use GDPR as a jumping-off point for CCPA compliance.
Since the implementation of the General Data Protection Regulation (GDPR) on May 25, 2018, the EU's Supervisory Authorities have logged over 144,000 queries and complaints; 89,000 data breach notifications; and a staggering 281,088 national and 446 cross-border cases. And it is not just investigations: In November 2018, Knuddels, a German social media company, was fined €20,000 (US $$22,400) for failing to securely store the personal data of its customers. In December 2018, a Portuguese hospital was fined €400,000 (US $44,800) for allowing improper access to patient records. This year, a taxi company in Denmark was fined 1.2 million kroner (US $180,000) for retaining personal information, and a Polish data processing company €220,000 (US $246,300) for scraping the internet for personal information (PI) to contact individuals for promotional purposes. Most recently, the U.K.'s data watchdog announced plans to fine Marriott £99 million (US $120,353,805) and British Airways £183 million (US $222,472,200) over last year's data breaches — the highest fines levied to date.