You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
At least in Europe, most of us have already heard of GDPR – a regulation in EU law and the European Economic Area (EEA) – and its guidelines in regulating the protection of privacy and personal data.
One common question asked is the equivalence of GDPR outside the EU and how other countries, especially the United States, manage and protect personal data.
GDPR safeguards the information of anyone living in the EU, so if a US citizen is residing in any EU country, GDPR will apply to their personal data collected.
However, GDPR does not apply to US citizens living in the US; several federal and state-level privacy regulations in the US offer some similar protections. In particular, the California Consumer Privacy Act (CCPA) controls the collection of “personally identifiable information” from any person residing in California, which also includes any California residents who are EU citizens.
CCPA is a state law passed by the California State Legislature and signed into law in California on June 28, 2018. The Act provides Californian residents only the right to data protection and privacy and applies to any Californian-based business, including any profitable entity that collects consumers’ data.
The CCPA defines personal data as information associated directly with:
social security number
license plate number
or any similar identifiers
The only exception is Personal Health Information and Financial Health Information, which adhere to the Health Insurance Portability and Accountability Act (HIPPA) and the Grammleach-Bliley Act.
The CCPA focuses on six primary rights for California residents:
The right to know what personal data is being collected
The right to know to whom their personal data is sold or disclosed
The right to refuse sales of their personal data
The right to access their personal data
The right to request a business to delete any personal information about a consumer collected from that consumer
The right not to be discriminated against for exercising their privacy rights
The CCPA has evolved immensely since its enactment in July 2020 and has continued to provide new challenges for company data protection officers ever since. Therefore, you should always be up-to-date on data protection issues. The best way to do this is with a flexible, dynamic data protection program that can smartly automate manual tasks.