General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are both pieces of legislation that were enacted to protect consumers’ personal data.
The GDPR is a European standard that was enacted in 2018 across 27 member states. It has rules in place that control how companies and websites handle personal information, including names, phone numbers, e-mail addresses, browser history, location data, and other internet data. The GDPR states that users must give their consent before companies can use any of this personal data.
The CCPA happened two years later in 2020. California was the first state in the U.S. to adopt this type of legislation, which differs from GDPR in the fact that it gives California residents the power to manage their own data. Californians have the right to request that any data previously collected by an organization be disclosed and deleted and not sold to third parties.