We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.

Data Privacy Laws explained


In this evolving digital age, privacy laws are essential for organizations to secure any individual's personal data. There are many different data protection laws around the world that share similar regulations and impose strict penalties for companies failing to achieve compliance while collecting and using data.

However, data privacy laws are not identical; they contain distinctive requirements and methods depending on the country and circumstances.

Throughout this article, we will compare four data privacy laws while determining their differences and similarities. And one thing in advance: regardless of what privacy guidelines your company is subject to, we have an all-encompassing solution approach for you there!

Data privacy laws compared


The general data protection regulation “GDPR” became effective on May 25, 2018. It regulates the protection of any personal information related to EU citizens. GDPR is based on seven fundamental principles:

  • Lawfulness, fairness, and transparency.

  • Purpose limitation.

  • Data minimization.

  • Accuracy.

  • Storage limitation.

  •  Integrity and confidentiality

  •  Accountability.

In addition, the term “pseudonymized” is often used in GDPR. Pseudonymization is a method incorporated to diminish the possibilities of personal data leading to identifying the natural person they are attributed to. Therefore, organizations that process personal data from EU-based subjects should be GDPR-compliant. Or else they can face fines up to €20 million or 4% of a company’s annual turnover.


The California Consumer Privacy Act was enacted on January 1, 2020, to protect any personal information that could be linked to California residents, whether it’s a consumer or household. CCPA disregards de-identified data (called pseudonymized in GDPR), public information, and aggregate input. The CCPA is based on three principles: transparency, accountability, and control. The most significant difference with GDPR is probably that CCPA applies not only to individual data, but also covers household data.

Any entity that conducts business in California and meets the following criteria should comply with CCPA:

  • Annual revenues of more than $25 million.

  • Data processing of greater than 50,000 users.

  • Gains at least 50% of revenue from selling personal data.

The CCPA fines include: $2500 for unintentional violation and $7,500 for intentional violation.

You can find more details in our former article: CCPA vs. GDPR: data privacy laws in Europe and the USA.

However, since January 2023, there is an extension of the CCPA, namely CPRA, which brings some changes. For example, the CCPA allows individuals to refuse their personal data to be shared by organizations, whereas CPRA also gives them the right to decide who can sell and collect their data.


The Colorado Privacy Act will operate starting July 1, 2023; it protects the personal information of consumers that are residents of Colorado. Any controller that handles a business in Colorado, whether it’s selling products or delivering services for its residents, should be compliant with CPA. In addition, controllers should satisfy these two requirements:

  • Processing data annually of greater than 100,000 consumers.

  • Obtain revenue or discounts from selling data of 25,000 consumers.

So far, no penalties are set yet, so a breach of CPA is regarded as a deceptive trade practice.


The VCDPA (Virginia Consumer Data Protection Act) acts similarly to the previous laws mentioned above. It provides consumers the right to access their personal data and request businesses to delete their information, excluding de-identified data or publicly available information. This act won’t be enforced until January 1, 2023; entities operating businesses in Virginia should ensure their companies fully comply with VCDPA to avoid penalties. Any organization violating this act will face up to $7500 fines plus attorney fees.

Make sure to research privacy data laws in your area that apply to your company’s thresholds. This way, you can protect your users without breaching any rules, and you can avoid hefty fines and sanctions.

Data Security in Jira and Confluence

As soon as you process personal data in your company, you can easily ensure global data protection measures for Jira and Confluence with our apps Data Protection and Security Toolkit for Jira and Data Protection and Security Toolkit for Confluence.

A single app offers several features that will effortlessly help you with all your compliance needs. Avoid issues that could impact the entire process and benefit from detailed statistics to understand the requirements and keep your organization on the right track.

Data Protection and Security Toolkit will guide you through your data security journey in a structured and flexible way with minimal time investment – no matter what global requirements apply to you.

With this app, you’ll secure the future.

Convince yourself now!

CCPA, GDPR, HIPAA and more: easily manage all of them!

  • Handle all sensitive and personal data
  • Be safe with risk-free data protection
  • Also ready for: CCPA, HIPAA, LGPD, etc.
Go to Atlassian Marketplace

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.