Data Privacy Laws explained - Actonic – Unfolding your potential

Data Privacy Laws explained



In this evolving digital age, privacy laws are essential for organizations to secure any individual's personal data. There are many different data protection laws around the world that share similar regulations and impose strict penalties for companies failing to achieve compliance while collecting and using data.


However, data privacy laws are not identical; they contain distinctive requirements and methods depending on the country and circumstances.

Throughout this article, we will compare four data privacy laws and determine their differences and similarities. And one thing in advance: regardless of which privacy guidelines your company is subject to, we have an all-encompassing solution for you!

Data privacy laws compared


The General Data Protection Regulation (GDPR) became effective on May 25, 2018. It regulates the protection of any personal information related to EU citizens. GDPR is based on seven fundamental principles:

  • Lawfulness, fairness, and transparency.

  • Purpose limitation.

  • Data minimization.

  • Accuracy.

  • Storage limitation.

  • Integrity and confidentiality.

  • Accountability.

In addition, the term “pseudonymized” is often used in GDPR. Pseudonymization is a method used to reduce the likelihood that personal data can be used to identify the natural person it is attributed to. Organizations that process personal data from EU-based subjects should be GDPR-compliant; otherwise, they can face fines of up to €20 million or 4% of a company’s annual turnover.


The California Consumer Privacy Act (CCPA) was enacted on January 1, 2020, to protect any personal information that could be linked to California residents, whether a consumer or a household. CCPA disregards de-identified data (called pseudonymized in GDPR), public information, and aggregate input. The CCPA is based on three principles: transparency, accountability, and control. The most significant difference from GDPR is probably that CCPA applies not only to individual data but also covers household data.

Any entity that conducts business in California and meets the following criteria should comply with CCPA:

  • Annual revenues of more than $25 million.

  • Data processing of more than 50,000 users.

  • Gains at least 50% of revenue from selling personal data.

The CCPA fines include $2,500 for an unintentional violation and $7,500 for an intentional violation.

You can find more details in our earlier article: CCPA vs. GDPR: data privacy laws in Europe and the USA.

However, in 2023 a new act, the CPRA, will become the successor of the CCPA and will replace and amend a few rules included in the preceding law. For example, the CCPA allows individuals to refuse to have their personal data shared by organizations, whereas CPRA also gives them the right to decide who can sell and collect their data.


The Colorado Privacy Act (CPA) will take effect on July 1, 2023; it protects the personal information of consumers who are residents of Colorado. Any controller that conducts business in Colorado, whether it’s selling products or delivering services to its residents, should be compliant with CPA. In addition, controllers should satisfy these two requirements:

  • Processing the data of more than 100,000 consumers annually.

  • Obtaining revenue or discounts from selling the data of 25,000 consumers.

So far, no penalties have been set, so a breach of CPA is regarded as a deceptive trade practice.


The VCDPA (Virginia Consumer Data Protection Act) acts similarly to the laws mentioned above. It gives consumers the right to access their personal data and to request that businesses delete their information, excluding de-identified data or publicly available information. This act won’t be enforced until January 1, 2023; entities operating businesses in Virginia should ensure their companies fully comply with VCDPA to avoid penalties. Any organization violating this act will face fines of up to $7,500 plus attorney fees.

Make sure to research the data privacy laws in your area and the thresholds that apply to your company. This way, you can protect your users without breaching any rules, and you can avoid hefty fines and sanctions.

Data Security in Jira and Confluence

If your organization works with European customers, you can easily put Jira and Confluence data protection measures in place using our apps GDPR (DSGVO) and Security for Jira and GDPR (DSGVO) and Security for Confluence.

One single app provides various features that help you with all your compliance needs without hassle. Prevent struggles that would affect the whole process, and benefit from detailed insights that help you understand the requirements and keep your business on the right track.

GDPR (DSGVO) and Security will guide you through your data security journey in a more structured and flexible way, without any risks and with less time-consuming effort. Our app not only covers GDPR cases but also manages other data protection laws like CCPA.

See for yourself now!
