GDPR (General Data Protection Regulation)
Applicable Region: European Union (EU) and European Economic Area (EEA)
Overview:
The GDPR is a comprehensive data protection regulation that came into effect on May 25, 2018. It applies to any organisation that processes personal data of individuals within the EU, regardless of where the organisation itself is located. The primary aim of GDPR is to give individuals more control over their personal data and to standardise data protection laws across Europe.
Key Aspects:
- Personal Data
- Data Subject Rights
- Consent
- Accountability and Transparency
- Data Protection Officer (DPO)
- Fines
DPDPA (Data Protection and Privacy Act)
Applicable Region: India (under discussion, but expected to pass soon)
Overview:
The DPDPA refers to India’s Data Protection and Privacy Act, which is a proposed data protection law in India. While it has not yet been fully implemented, it is expected to align with global standards such as the GDPR. The bill is intended to govern the collection, storage, and processing of personal data in India, ensuring the privacy rights of Indian citizens while regulating how organisations handle personal data.
Key Aspects:
- Personal Data
- Data Localisation
- Rights of Individuals
- Consent
- Data Fiduciaries
- Data Protection Authority (DPA)
- Penalties
CCPA (California Consumer Privacy Act)
Applicable Region: California, USA
Overview:
The CCPA is a privacy law that took effect on January 1, 2020, to enhance privacy rights and consumer protection for residents of California. It is one of the most comprehensive privacy laws in the United States and was created to give California residents more control over their personal information collected by businesses.
Key Aspects:
- Personal Information
- Consumer Rights: California residents are granted rights such as:
- Right to know what personal information is being collected.
- Right to access and delete their personal information.
- Right to opt-out of the sale of their personal information.
- Right to non-discrimination for exercising their privacy rights.
- Businesses’ Obligations
- Scope
- Penalties