California Privacy Act Vs. The General Data Protection Regulation
Organizations across the globe are making their way back to the ‘war room’ to analyze whether one of the most comprehensive data privacy laws sweeping the US, the California Consumer Privacy Act of 2018 (“CaCPA”), applies to them. The CaCPA, approved on June 28th, 2018, was designed to give consumers (i.e. Californians) control over the use, including the sale, of their personal information. Conceptually, it has similar characteristics to the European Union’s data protection regulation, including its ability to be enforced on a global platform.
While both privacy acts have a similar intent, the CaCPA certainly has its own set of specific characteristics that set it apart from its European equivalent. And although many of the general provisions appear to be borrowed from the GDPR and other global privacy practices, organizations will need to carefully evaluate decisions to apply previously developed policies, procedures, or processes to meet California’s new privacy provisions.
In this article, we look at California’s new Consumer Privacy Act (CaCPA) in comparison to the EU General Data Protection Regulation. The aim is to identify certain similarities and differences between the two standards to help strategize an organization’s effort in achieving compliance.
Before you set out to solidify your compliance strategy, be sure to check on the latest developments issued by the State to ensure that your understanding of the Act remains consistent with the AG’s guidance and expectations.
To answer the big question of the hour, "Can you rely on GDPR to satisfy the requirements of CaCPA?", we have put together an in-depth guide that addresses that question and more as it relates to the CaCPA and GDPR:
About KEVIN KISH
Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. With nearly 8 years of industry experience, he has a strong history of implementing, maintaining, and assessing global information security and privacy requirements, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As an industry advocate, he is passionate about researching and writing on the fundamentals and concepts of sustainable data privacy, and about providing education to clients on the risks, challenges, and best practices around data privacy legislation. He holds several privacy designations from the International Association of Privacy Professionals, including CIPP/US, CIPP/E, and CIPM.