Compare privacy laws at a glance
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|---|---|---|---|---|
| Effective date | January 1, 2020 | January 1, 2023 | January 1, 2023 | July 1, 2023 | May 25, 2018 |
| Fulfillment date (calendar days) | 45 days | 45 days | 45 days | 45 days | 30 days |
| Fulfillment extensions | Yes | Yes | Yes | Yes | Yes |
| Fulfill opt-out of selling personal data requests | 15 Business Days | TBD *Dependent upon CA's Privacy Regulator |
Compare data rights
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|---|---|---|---|---|
| Data access rights | ● | ● | ● | ● | ● |
| Data correction rights | ● | ● | ● | ● | |
| Data deletion rights | ● | ● | ● | ● | ● |
| The right to opt-out of the sale of personal information | ● | ● | ● | ● | |
| The right to opt-out of personal information being leveraged for profiling | ● | ● | ● | ||
| The right to opt out-of personal information being used for behavioral advertising | ● | ● | ● | ● | ● |
| Opt-out of the use of automated decision-making | ● | ● | |||
| Limit use and disclosure of sensitive personal information | ● | ● |
Penalties & damages
A violation is triggered for every affected consumer — a single breach can rack up hundreds, if not thousands of violations.| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|---|---|---|---|---|
| Potential cost of a single violation | $2,500 | $2,500 | $7,500 | $20,000 | $24.1 million or 4% of annual global turnover (whichever is higher) |
| Potential cost of an intentional violation | $7,500 | $7,500 | |||
| Potential cost of violation involving personal information of a minor | $2,500 - $7,500 | $7,500 | |||
| Potential cost of statutory damages per violation | $100 - $150 per violation |
Data protection & compliance requirements
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|---|---|---|---|---|
| Data protection for minors | ● | ● | ● | ● | ● |
| Conduct regular cyber-security audits | ● | ||||
| Data breach notifications | ● | ● | ● | ● | ● |
| Storage & length of use limitations | ● | ● | ● | ● | |
| Consent to process sensitive data | ● | ● | ● | ||
| Easy opt-out access for consumers | ● | ● | ● | ● | |
| Structured assessments of high-risk activities | ● | ● | ● | ● | |
| Appoint a data protection officer | ● | ||||
| Cross-border data transfer requirements | ● | ||||
| Establishes a data protection agency | ● | ● | |||
| Put a comprehensive privacy policy in place | ● | ● | ● | ● | ● |
Business requirements
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|
| Consumer rights include: | CCPA | CPRA | CDPA | CPA | GDPR |
|---|---|---|---|---|---|
| Take the proper steps to keep data safe | ● | ● | ● | ● | ● |
| Perform risk assessments & audits | ● | ● | ● | ● | |
| Data transparency requirements | ● | ● | ● | ● | ● |
| Define legal basis for data processing | • | ||||
| Keep record of data processing activities | ● | ||||
| Prohibit discrimination — equal rights & fairness | ● | ● | ● | ● | ● |