Top 6 Differences Between CCPA and GDPR

Are you a privacy geek too? Or simply a mere mortal struggling to understand the scope of the California Consumer Privacy Bill? In the numerous discussions we have had with our customers, it seems the US version of the EU GDPR has created quite some confusion. Why? Precisely because it is different from the GDPR. So let's look at the top 6 differences between the two and how they impact the contact center.

#1 – CCPA protects consumers vs. GDPR focuses on Data Subjects

Consumers are people who reside in California.

Data Subjects refer to any natural person and NOT necessarily EU residents for EU-established controllers. So if you have businesses in Europe, regardless of the residence of your data subjects, you need to abide by the GDPR.

#2 – CCPA Personal Information vs. GDPR Personal Data

Personal Information means any information that could be reasonably linked, directly or indirectly, with a Californian customer or household, while Personal Data is any information related to a data subject. In other words, the CCPA can cover your search history or your browsing history, while the GDPR only covers the information that is related to an identifiable person: name, address, IP, social security number…

Another major difference is that the CCPA extends to households and devices. This means that all data derived, using analytics or other technologies, from any of the information identified to create a profile is covered: abilities, aptitudes, characteristics…

#3 – CCPA Business vs. GDPR Controller

The GDPR applies regardless of your size or revenue; the CCPA only applies to businesses that:

  • Do business in California
  • Collect consumer personal information
  • Are for profit
  • Satisfy one or more of the following:
    • Generate more than 25M USD in revenue
    • Process over 50K PI
    • Derive 50% of revenue from PI

#4 – CCPA Obligation to Inform vs. GDPR Right to be Informed

With the CCPA, businesses have an obligation to inform consumers of the categories and purposes of personal information collected. With the GDPR, businesses have to strive for data minimization and identify data controllers and Data Privacy Officers (DPOs). The nuance here is methodological: the GDPR is about creating a paradigm of privacy by design. With the CCPA, businesses have to be more transparent; with the GDPR, they need to change the way they process private data.

#5 – CCPA Right to Request Information vs. GDPR Right of Access and Data Portability

With the GDPR, data subjects can access or obtain confirmation and information on their data, regardless of how it was collected. Businesses have a duty to provide it free of charge in an electronic form. With the CCPA, the right to request information is only tied to the categories and pieces of data collected and is limited to the past 12 months.

The CCPA's Right to Request Information is not as extensive as the GDPR's requirements. Under the CCPA, information should be transmitted in a portable and readily usable format, while the GDPR requires a structured, commonly used and machine-readable format.

#6 – CCPA Right of Deletion vs. GDPR Right to Be Forgotten

With the CCPA, the deletion rights are only partial. While consumers can request that their data be deleted, 9 exceptions apply, which will surely make lawyers very happy as they indeed create a loophole. Californians' data doesn't have to be deleted if it is retained for a legal obligation, for security purposes, to complete a transaction, and more. With the GDPR, businesses need to delete data if it is no longer necessary and/or when data subjects require them to do so, among others.

Because compliance is now a CX differentiator, we at NICE have developed a unique solution for all your compliance needs, whether you are in California, in the EU, or anywhere on the globe. The Compliance Center brings together a data tagging solution to easily retrieve data with extraction and deletion mechanisms to make sure you satisfy the requests of your customers. By leveraging analytics and automation, we make sure you can have a winning compliance strategy without burdening your IT and business teams. And we don't stop at privacy: we address all your regulatory challenges with one system. Whether it is PCI DSS, Dodd-Frank, CFPB or MiFID II, we have got you covered. To learn more, join our LinkedIn group focusing on compliance in the contact center!
