By 2022, half of the planet’s population will have its personal information covered under local privacy regulations in line with the General Data Protection Regulation (GDPR), up from one-tenth today. Source: Gartner
Data is the new currency
Gartner had it right. Nearly every major country across the globe has a standard set of regulations to ensure ethical data sourcing, storage and transfer practices. As brands work to meet increased customer expectations for personalization and stand out in a fiercely competitive landscape, data has become far more valuable than anticipated.
The consequences of data without controls
The huge influx of data and its growing value have resulted in numerous data breaches and fraudulent activities. Data privacy rules and regulations ensure the free flow of data while preventing invasion of privacy, fraudulent activities and misuse of data. They encourage companies to take accountability and offer complete transparency to their customers while adhering to ethical and legal data mining, storage and transfer practices.
Data privacy isn’t new
Data privacy laws have been in place since 1947 to ensure ethical data collection practices and protect customer privacy.
In 2016, the European Union’s General Data Protection Regulation (GDPR) went into effect globally, and more have followed.
Here’s a quick summary of some of the major data privacy standards:
General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR) went into effect May 2018 and has become the yardstick for basic data protection guidelines and rules. The impact of GDPR was felt globally, as it influences processes for companies operating within European borders as well as those that operate overseas but deal with the data of European citizens. GDPR provides a standard framework to protect personal data as well as ensure the free movement of data. Under this regulation, companies must adhere to a standard set of rules for data storage, usage, and transfer. It also requires companies to periodically delete unnecessary consumer data, especially when requested directly by the customer. GDPR fines and penalties are quite high.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. This act gives more authority to customers when it comes to companies dealing with their information. It gives customers the right to know what information is collected about them, the right to request data deletion, the right to opt out of information sharing and the right to non-discrimination for exercising their CCPA rights. In addition, businesses need to be completely transparent with their customers about the kind of information they are collecting and why. The Act also fines businesses that fail to adhere to these standard regulations.
The core differences between GDPR & CCPA
GDPR is regarded as the standard set of guidelines for data compliance, but its jurisdiction is limited to European borders. In the U.S., CCPA is the standard and widely accepted set of rules for data privacy. Here’s a comparison of the two.
| Defines personal data as “Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” | Defines personal data as “Any information relating to an identified or identifiable natural person (data subject), directly or indirectly, in particular by reference to an identifier.” |
| Also includes data that is not just specific to an individual but rather categorized as ‘household data’ | Refers exclusively to individual data |
| Aims to create privacy by default | Focuses on creating transparency between the customer and the company |
| Grants rights to individuals | Focuses on protecting individuals |
| Doesn’t require companies to notify their customers | Requires companies to have a privacy notice on their websites |
| Allows customers to opt out of sales information | Allows customers to request deletion of their personal data |
| Has no legal grounds for processing data | Has 6 legal grounds for processing data |