What is GDPR vs. CCPA?

General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are both pieces of legislation that were enacted to protect consumers’ personal data.

The GDPR is a European standard enacted in 2018 across 27 member states. It has rules that control how companies and websites handle personal information, including names, phone numbers, e-mail addresses, browser history, location data, and other internet data. The GDPR states that users must give their consent before companies can use any of this personal data.

The CCPA happened two years later, in 2020. California was the first state in the U.S. to adopt this type of legislation, which differs from GDPR because it allows California residents to manage their own data. Californians have the right to request that any data previously collected by an organization be disclosed and deleted and not sold to third parties.

• What is GDPR Compliance?
• GDPR Compliance for US Companies
• What is CCPA?

Return to Cybersecurity Frameworks and Standards Glossary