While the GDPR has some of the most crushing requirements, such as the brief 12-hour window to report a breach, CCPA takes a broader view. It goes even further to locate and protect what constitutes personal or private data as per the GDPR.
The primary difference between the two is that GDPR is more about prior consent, while CCPA is about opting out. GDPR binds businesses to ask for consent before having a consumer’s data stored and processed. On the other hand, CCPA requires businesses to enable consumers to opt-out at any point.
It allows consumers to access every piece of personal information saved and a complete list of third parties it is shared with. Moreover, consumers have the right to sue a company for violating privacy guidelines even if there has been no breach.
Considering how much we heard about GDPR, I’m surprised there’s been so little about CCPA.