Thursday, September 17, 2020

Difference Between GDPR And CCPA

What is GDPR?

On May 25th, 2018, the EU's General Data Protection Regulation (GDPR) took full effect. The goals of these privacy rules are to harmonize data protection laws across EU member states and to enhance data protections for citizens.

What is CCPA?

Starting on January 1, 2020, the California Consumer Privacy Act (CCPA) requires organizations to provide transparency in how they are collecting and sharing user data.

Read the article: CCPA Compliance Guide for Businesses in California

Who Needs to comply?

GDPR: Any business that collects or processes the data of EU citizens or residents.

CCPA: Any company conducting business with California citizens that:

Has an annual revenue of $25M+

Collects, shares, buys, or sells the data of >50,000 Californian consumers

Makes at least 50% of its revenue from the sale of Californian consumer data

What are the penalties for non-compliance?

GDPR: Up to 4% of the company's annual gross revenue or 20M euros.

CCPA: $750 per person, per violation.

What are the new rights afforded to users?

GDPR: Access, rectification, objection, restriction of processing, data portability, and the right not to be subject to decisions based solely on automation.

CCPA: Access, knowledge of sale, objection to sale, and equal price and service.

What should users have access to?

Both laws require that businesses, upon request, give their users access to the following information:

What information is collected about them

What information is shared or sold

Who the information may be shared with or sold to

When do you need to get user consent?

GDPR: If you collect data on the basis of user consent, you need to get clear, affirmative permission from users to collect their data.

If you process "sensitive information" (such as race, religion, political history, medical history, financial history, or sexuality) you must first get user consent, even if your processing falls under one of the other five legal bases.

CCPA: You need to get explicit consent to sell the data of users under the age of 16.

All other users have the right to withdraw their consent to the sale of their data at any time. A link reading "Do not sell my personal information" should be posted on your homepage and in your privacy policy so users can opt out of data sale.

What about data protection and security?

GDPR: Keeping data encrypted, confidential, and accessible.

Notifying users when a data breach occurs.

Performing a data protection impact assessment (DPIA) before processing personal data.

CCPA: Lawsuits can be brought by the attorney general's office for breach of privacy if a company's data is mishandled or infiltrated. Given these new consequences, businesses should be extra cautious in their data handling and take time to map and audit their data stores.
