In this evolving digital age, privacy laws are essential for organizations to secure any individual's personal data. There are many different data protection laws around the world that share similar regulations and impose strict penalties for companies failing to achieve compliance while collecting and using data.
Try now: Data Protection and Security Toolkit
However, data privacy laws are not identical; they contain distinctive requirements and methods depending on the country and circumstances.
Throughout this article, we will compare four data privacy laws while determining their differences and similarities. And one thing in advance: regardless of what privacy guidelines your company is subject to, we have an all-encompassing solution approach for you there!
The general data protection regulation “GDPR” became effective on May 25, 2018. It regulates the protection of any personal information related to EU citizens. GDPR is based on seven fundamental principles:
Lawfulness, fairness, and transparency.
Purpose limitation.
Data minimization.
Accuracy.
Storage limitation.
Integrity and confidentiality
Accountability.
In addition, the term “pseudonymized” is often used in GDPR. Pseudonymization is a method incorporated to diminish the possibilities of personal data leading to identifying the natural person they are attributed to. Therefore, organizations that process personal data from EU-based subjects should be GDPR-compliant. Or else they can face fines up to €20 million or 4% of a company’s annual turnover.
The California Consumer Privacy Act was enacted on January 1, 2020, to protect any personal information that could be linked to California residents, whether it’s a consumer or household. CCPA disregards de-identified data (called pseudonymized in GDPR), public information, and aggregate input. The CCPA is based on three principles: transparency, accountability, and control. The most significant difference with GDPR is probably that CCPA applies not only to individual data, but also covers household data.
Any entity that conducts business in California and meets the following criteria should comply with CCPA:
Annual revenues of more than $25 million.
Data processing of greater than 50,000 users.
Gains at least 50% of revenue from selling personal data.
The CCPA fines include: $2500 for unintentional violation and $7,500 for intentional violation.
You can find more details in our former article: CCPA vs. GDPR: data privacy laws in Europe and the USA.
However, since January 2023, there is an extension of the CCPA, namely CPRA, which brings some changes. For example, the CCPA allows individuals to refuse their personal data to be shared by organizations, whereas CPRA also gives them the right to decide who can sell and collect their data.
The Colorado Privacy Act will operate starting July 1, 2023; it protects the personal information of consumers that are residents of Colorado. Any controller that handles a business in Colorado, whether it’s selling products or delivering services for its residents, should be compliant with CPA. In addition, controllers should satisfy these two requirements:
Processing data annually of greater than 100,000 consumers.
Obtain revenue or discounts from selling data of 25,000 consumers.
So far, no penalties are set yet, so a breach of CPA is regarded as a deceptive trade practice.
The VCDPA (Virginia Consumer Data Protection Act) acts similarly to the previous laws mentioned above. It provides consumers the right to access their personal data and request businesses to delete their information, excluding de-identified data or publicly available information. This act won’t be enforced until January 1, 2023; entities operating businesses in Virginia should ensure their companies fully comply with VCDPA to avoid penalties. Any organization violating this act will face up to $7500 fines plus attorney fees.
Make sure to research privacy data laws in your area that apply to your company’s thresholds. This way, you can protect your users without breaching any rules, and you can avoid hefty fines and sanctions.
As soon as you process personal data in your company, you can easily ensure global data protection measures for Jira and Confluence with our apps Data Protection and Security Toolkit for Jira and Data Protection and Security Toolkit for Confluence.
A single app offers several features that will effortlessly help you with all your compliance needs. Avoid issues that could impact the entire process and benefit from detailed statistics to understand the requirements and keep your organization on the right track.
Data Protection and Security Toolkit will guide you through your data security journey in a structured and flexible way with minimal time investment – no matter what global requirements apply to you.
With this app, you’ll secure the future.
Convince yourself now!