Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,463,448
Community Members
 
Community Events
176
Community Groups

GDPR vs CCPA - How different are they?

After decades of free lawless internet, the tech world has entered an era of legal reformation. Twenty years ago, this wasn't even a topic, but today we have arrived at this point, discussing data privacy laws such as GDPR and CCPA.

GDPR, the General Data Protection Regulation, went into action in 2018, redefining the entire perspective of data privacy and the manner of handling it. In January 2020, the California Consumer Privacy Act (CCPA) came into effect, causing businesses to get concerned.

Both laws deal with data protection, but they impose different requirements on different companies.

Let's take a look at the scope each law covers. First, we will understand that the GDPR protects all EU/EEA residents from having their data collected and used without their concern, whether online or offline, wherever their geographical location.

Whereas the CCPA protects Californian based businesses and residents, including any profitable entity that collects consumers' data and meets one of the following:

a- earns at least 25 million USD in gross annual revenue or

b- buys, sells, or receives personal information for at least 50,000 California consumers or

c- originates more than 50% of its yearly income from selling personal data.

Now that we have introduced the two leading players in data privacy, let us discuss what we know about their main differences. So far, we can assign five significant differences between the two laws:

1- Personal Data  

2- Data Processing

3- Data Security

4- User Right

5- International Data Transfer

The five major differences between GDPR and CCPA:

1- Personal Data:

The GDPR laws affect any business and its websites.

Any entity from e-commerce, webpages, NGOs and even websites of public institutions that deal with personal data from the EU must comply with the GDPR.

While the GDPR protects any identifiable person through direct or indirect data regardless of their residence or citizenship status, the CCPA law protects only residents of California, meaning identifiable persons who legally reside in California.

2- Data Processing:

The GDPR has six lawful based data processing listed as follows:

  • explicit consent

  • legal obligation

  • Contractual obligation

  • legitimate interest of the organization

  • a public interest

  • vital interest

While the CCPA had no legal basis, businesses can process data non-misleading and unfair.

3- Data Security:

The GDPR requires organizations to implement appropriate security measures according to the risk involved.

The CCPA has no specific security requirements but imposes a right of action against businesses for inappropriate security measures.

4- User Right:

While comparing user rights, we notice that the GDPR states seven rights, while the CCPA states four clear rights. The GDPR gives its users the right to access, delete, and correct personal data. It also provides the right to object and restrict personal data processing, the right to object automated data processing, including profiling, and the right to port data.

The CCPA gives its users the right to know about and access personal data, delete personal information, opt out of the sale of personal data, and the right to non-discrimination for exercising the CCPA rights.

 

5- International Data Transfer:

When it comes to international data transfer, the GDPR requires non-EU countries to provide adequate protection and organizations to comply with standard contractual clauses SCC or similar agreements. At the same time, the CCPA has absolutely no restrictions.

3 comments

Taranjeet Singh Community Leader May 13, 2022

Thank you for sharing this knowledgeable article, @Andreas Springer _Actonic_ !

SriKumar P Atlassian Team May 15, 2022

Thanks for writing and sharing this article @Andreas Springer _Actonic_ 

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events