Privacy Law Cheat Sheet:

CPRA vs CCPA vs GDPR and the Impacts on Data Privacy Operations

Determine at a glance where you stand when it comes to European and California Privacy Regulations.

Your FREE Download Will Explain:

Requirements for compliance between CPRA, CCPA and GDPR.
Differences in the scope of application.
Nature and extent of collection limitations.
Rules concerning accountability.

Quickly Understand Privacy Laws

Recognize where GDPR/CCPA/CPRA overlap to help you master privacy operations.

CA voters passed CPRA, which goes into effect 1/1/23, looking back at data from 1/1/22.

Figure out if your company is ready to enhance privacy operations. We’ve made it easy.

CPRA enhances CCPA with more consumer privacy protection, similar to the EU’s GDPR.

As the privacy landscape continues to evolve, prepare to adapt your privacy operations.

Understand privacy laws so you don’t over-comply or under-deliver on consumer privacy.

Frequently Asked Questions (FAQs)

What is CCPA?

California Consumer Privacy Act.

The CCPA provides California residents with data privacy rights and regulates the sharing of information that identifies a certain consumer or household.

What is CPRA?

California Privacy Rights Act, an extension of CCPA.

The CPRA provides residents of California with additional privacy rights by enhancing CCPA, requiring consent to process sensitive personal information and other user data.

What is GDPR and who does it protect?

General Data Protection Regulation.

The GDPR provides data protection for consumers physically located in the European Union (EU) with rights against processing certain categories of personal data unless lawful justification applies.

How similar are the data guidance requirements for CPRA/CCPA/GDPR?

While there is crossover, there is clear variance between the three.

For example, CCPA applies to for-profit entities with at least $25 million in gross annual revenue deriving 50% of their annual revenue from the sale of personal information. In contrast, GDPR applies to any entity processing personal data, regardless of revenue.

What is data minimization?

The principle of collecting only necessary data.

Data minimization means limiting data collection to only what is truly necessary to fulfill a specific purpose. This ensures entities have less data to keep track of and consumers have less information to protect.

What are the requirements/limitations around selling and sharing of personal data under CPRA, CCPA, and GDPR?

It depends.

Selling and sharing are handled a bit differently under each regulation. For example, GDPR does not say much about selling or sharing personal information. However, it does require that the consumer is informed of what their data will be used for upon collection. Conversely, when it comes to CCPA, consumers have the clear right to opt out from the get-go.

Do I have to be a privacy professional to use this cheat sheet?

Not necessarily.

Privacy laws are important for all members of an organization to understand, including marketing, sales, and purchasing teams. However, this cheat sheet will be most useful for privacy, security, and IT teams.

Is reading this a time-consuming process?

This is a quick guide that outlines all that you need to know about the key differences between GDPR, CCPA and CPRA. Now is the time to get clear on privacy laws so compliance is a no-brainer.