Almost every website in existence is running on cookies. Cookies are small text files containing bits of information about a website visitor and the majority of them are used for tracking website visitors for marketing purposes. Some cookies are mandatory for enabling the most basic functionalities of a website, while other cookies are designed for tracking end-users’ preferences and online behavior.
What is the GDPR and how does it affect me?
The General Data Protection Regulation, or GDPR for short, is a data privacy law that sets strict requirements for website owners on how to handle data collection. The gist of the GDPR is to give website users control over how their data is used, with ‘transparency’ and ‘user consent’ being important keywords of the regulation.
The GDPR took effect on May 25th, 2018, and failure to achieve compliance can potentially result in heavy fines of up to €20 million or 4% of an organization’s global yearly turnover. Hefty fines have already been issued.
Though the GDPR is a law for the European Union, it applies not only to websites and users within the borders of the European Union but also to websites that cater to and/or have visitors from the European Union.
What is the CCPA and how does it affect me?
The California Consumer Privacy Act, or CCPA for short, is a state-wide data privacy law that sets requirements for business owners on how to handle personal information of California residents.
The CCPA shares many similarities with the GDPR, but the CCPA applies only to for-profit businesses that either:
- Sell personal information of more than 50,000 California residents annually
- Have an annual gross revenue higher than $25 million
- Or derive more than 50% of their annual revenue through the selling of personal information of California residents
In comparison, the GDPR applies to any type of organization, as long as it caters to or has users from the EU, and the GDPR also does not provide a revenue threshold.
The CCPA took effect on January 1st, 2020, and it is the first and only data regulation law in the United States. Should a business fail to comply with the CCPA, the consequences can amount to $7,500 per violation in addition to $750 per affected user in civil damages.