In practical terms of implementation, if a company is already compliant with GDPR, they are almost certainly compliant with CCPA, since GDPR is more strict. So to answer the question: the most important consideration when making an app compliant with both sets of regulations is to focus on making it compliant with GDPR, which virtually guarantees compliance with CCPA. Here's an article I wrote about GDPR compliance for mobile apps: What does GDPR mean for mobile? The main considerations are:
In terms of differences between the regulations: One comparison between GDPR and CCPA is that the GDPR is a door that prevents data from being collected ("privacy by default") whereas CCPA is a window that allows a person to understand what data about them is being collected. The biggest difference this creates in terms of practical compliance is that the right of prior consent that exists in GDPR and compels a company to gain consent from a user before collecting PII doesn't exist in the CCPA, and the right to opt-out that exists in the CCPA and compels a company to allow a user to opt out of data collection doesn't exist in the GDPR (because the user would have needed to give prior consent). Note that both sets of regulations provide the right to access and the right to deletion / erasure (delete is the CCPA term but the rights are functionally identical). There are some other differences around applicability (CCPA only applies to companies of a fairly substantial size) and protections (CCPA only protects legal residents of California). This article from the FPF provides a nice overview of the similarities and differences between the CCPA and the GDPR.
Some important considerations:
All these are a must if you really want to cover yourself from all angles.