Comparison of GDPR, CCPA, CPRA and PEPIDA

Comparing privacy laws can be challenging

Some US companies need to comply with GDPR.   Others need to comply with the California Consumer Privacy Act, CCPA. If the California CPRA ballot initiative passes in November, US businesses that needed to comply with CCPA may need to remap their personal information (PI) to identify the locations of the newly defined Sensitive Information and to address new requirements for managing Service Providers and other third parties. We recently had a client that was covered by CCPA and also Canada’s PEPIDA.  These laws are not the same.   To help, we have extended a comparison of the laws that the Future of Privacy Forum compiled in February of this year.   

We’ve added definitions of Personal Data for GDPR and the Personal Information as defined by PEPIDA.   We’ve clarified some of the differences between the CCPA and CPRA.   And we’ve increased the detail that privacy professionals who are implementing privacy programs for businesses will need to know.   You can click here to download the pdf of our COMPARISON of PRIVACY LAWS. For more detail, here is the CCPA.   Here is the language of the CPRA.

Here is a link to an explanation of our Operational Privacy Implementation Service.   Our goal is always to help you achieve compliance at minimal cost of implementation and minimal cost of operation.


We specialize in Data Protection and Privacy operationalization.   But we are not attorneys.   We would be happy to provide referrals to legal experts in privacy law.


For a related articles see