CCPA Vs GDPR Comparison & Compliance For WordPress

CCPA Vs GDPR Comparison & Compliance For WordPress:-Last May, GDPR comes into force that raised many questions about complying with this legislation. Do American businesses also need to comply with GDPR? Do I really have to add cookie notice? What about processing agreements? These are some of those questions asked around web. A few months on, it seems that hectic period related to GDPR has cooled down. But now a new announcement of legislation has announced for California. The CCPA.

So now the question arises what is CCPA? How it compares with GDPR? And do it really need to comply with CCPA if you comply with GDPR?

The GDPR:-

Let’s have a brief introduction about GDPR. The General data protection rule is European legislation disclosed in 2016.  That time it was agreed that legislation would come into force on starting May 25, 2018. GDPR focuses on following things:

  • Extending & Strengthening Privacy Rights
  • Responsibilities for Associations
  • Solid authority for European privacy supervisors, like power of imposes fines of up to 20 million euros.
  • Above all, transparency for visitors about what happens to their data.

In short terms, this was a radical addition to the law for many EU countries. It is also a drastic change for WordPress websites.

The CCPA:-

The California Customer Privacy Act which shortly known as CCPA was signed into law by California government on June 28, 2018.   This law is toughest and farthest reaching customer privacy laws in country. CCPA is scheduled to effect in 2020.  This legislation act will give California customers new privacy rights.

CCPA was drafted & passed in just a week as reaction to ongoing privacy reasons. Mainly as a way for customers to effectively protect personal information in the light of data-breaches & related privacy incidents.

Primarily CCPA focuses on:

  • Control of Personal data
  • Protection of Personal data
  • Insight into information acquired by companies

So it looks a lot like GDPR but you don’t need to comply with GDPR if you comply with CCPA and vice versa. There are various differences between these two laws.

CCPA Vs GDPR Comparison & Compliance For WordPress

CCPA Vs GDPR:-

Obviously both legislation focuses on data protection and the sharing thereof. Anyway GDPR seems much sticker than CCPA if you look at the key points covered below:

Cookies:- With GDPR its mandatory to place cookies based on opt-in. with CCPA it’s based on Opt-out. With latter you also obligated to state which cookies you place.

Privacy Policy:- Both laws require privacy policy to show on your website.

Cookie Policy:- With GDPR you need a cookie policy, and with CCPA you can incorporate this with DNSMPI page.

Application:- With GDPR legislation applies to anyone who process personal data,  with CCPA it concerns the following:

  • When you make $24 million profit per year.
  • When half of the profit consists selling personal data you will need to comply with CCPA.
  • You have greater than 50000 lines of personal data from person, household or devices.

Fines: GDPR fines are higher than CCPA, 4% of annual turnover or €20 million. With CCPA violation costs $7500 plus $750 per person.

Disclosures:-  another difference is specificity about disclosures.  GDPR says that data subjects must have an explanation which is clear and specific of the data will be used for.  Data controller has freedom of how this is to be done.

CCPA is more prescriptive. CCPA explain that a business will offer clear and transparent link on business internet homepage, titled- “Do not sell my personal information” to an web page that enables a customer, or authorized person by the customer to opt out of the sale of customer’s personal details.

Age requirements:- children in between the age of 13 & 16 must explicitly authorize the sale of personal information.  When age of child is under 13 then a parent must authorize the sale & sharing of information.

Now as you know the difference despite the two similar. It’s a bit confusing & overwhelming to keep track of all these requirements. So what does it affects on your WordPress site? And how can assure that you are both GDPR & CCPA compliance.

How Do I Comply with CCPA on WordPress Site?

For most of WordPress sites, you already comply with GDPR in some ways or form. Here is some brief overview of GDPR compliance requirements:

  • Cookie Policy
  • Privacy Policy
  • Cookie Consent Banner
  • Processing Agreements
  • Blocking cookies until permission
  • Possibilities to view personal data & be able to send these data within one month
  • Secure connections (SSL)

WordPress has so many plugins available that can help you in this list. With CCPA that is upcoming the following list of comply aspects are required for WordPress site:

  • Privacy Policy
  • Secure connection
  • Cookie consent banner
  • Do not sell my personal information document
  • Processing agreement with all processors or service providers.
  • Age verification

Similar to GDPR but not identical. That means if you are worried about CCPA you’ll either need to make sure you add a DNSMPI Page, build processing agreements & search a way to confirm age of users.

Solutions:-

One fast and easy solution to get CCPA compliance website is to install plugin. Specifically Complianz plugin. This plugin have both GDPR & CCPA important settings to comply WordPress site.

Complianz plugin have some additional features also:

  • Cookie Policy
  • Disclaimer
  • Cookie Consent Banner
  • Do not sell my personal information page
  • Data Leak Reports
  • Privacy Policy
  • Privacy Policy for Children
  • A/B Testing
  • Statistics to analyze which cookie banner perform well
  • Tag Manager Implementation

Plugin is also ready for ePrivacy. This is new upcoming European legislation planned to come in affects from 2020. Also the Complianz plugin is COPPA ready. This is American law that guarantees online privacy of children beneath 13 years old. So with this plugin you can make your site compliant with four legislations.