Privacy law experts warn companies not to assume they can comply with the California Consumer Privacy Act (CCPA) because they are in compliance with the EU’s General Data Protection Regulation (GDPR).
“The fact is, CCPA is not GDPR, and it is different. There certainly are things that you probably built for GDPR that will be helpful, but CCPA deserves its own attention,” said J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) at a privacy panel at RSA 2019.