LGPD, GDPR, and CCPA are three of the many data privacy regulations now in force. Like all regulations, their text is long and detailed.
It is a misconception to think that these laws are mere replicas of each other just because they all concern data protection and privacy. Compliance with one does not guarantee compliance with the others.
To simplify understanding, we've outlined the key similarities and differences. There are six main differences:
All three regulations define personal data (or, in CCPA's terms, personal information) broadly as any information relating to an identified or identifiable person. Within that definition there is a narrower, more protected category: sensitive data.
Sensitive data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership, as well as genetic and biometric data and data concerning health, sex life, or sexual orientation.
GDPR (Article 9) prohibits processing of these "special categories" by default and allows it only under a closed list of exceptions, such as the data subject's explicit consent or a specific legal provision. LGPD's Article 11 follows a similar structure for sensitive data, while CCPA contains no such prohibition and instead gives consumers a right to limit how a business uses their sensitive personal information.
LGPD and GDPR apply to all processing of personal data within their scope, with only narrow exceptions such as processing by an individual for purely personal, non-commercial purposes. Whether the processor is a company, NGO, or government institution, the law applies.
CCPA is different in this regard. It applies only to for-profit businesses that do business in California and meet the statutory thresholds. Specifically, it applies to:
Under LGPD and GDPR, selling personal data is simply one form of processing, and like any processing it requires a legal basis prescribed by the law. It is not something anyone can do by default.
CCPA, on the other hand, does not prohibit the sale of data. It gives the consumer the right to opt out of the sale (and, since the CPRA amendments, the sharing) of their data, typically through a "Do Not Sell or Share My Personal Information" link, and the business must honor that choice. For consumers under 16, the sale requires opt-in consent instead.
GDPR, LGPD, and CCPA impose different fines and penalties, so each one should be consulted separately. As a rough guide: GDPR allows administrative fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher; LGPD caps fines at 2% of the organization's revenue in Brazil, up to R$50 million per infraction; CCPA provides civil penalties per violation, with a higher amount for intentional violations, plus a private right of action for certain data breaches. In this article, you can find more details about LGPD fines and penalties.
We've already seen that there are significant differences between the three regulations. So, what are the similarities?
All three regulations ensure transparency regarding data usage, including whether data is being processed, whether it can be sold, and the purpose behind these actions.
All three regulations give individuals rights over their data: to withdraw consent, to access and correct their data, and to request its deletion, subject to each law's exceptions.
All three establish a governmental authority to ensure compliance. In the case of LGPD, it is the National Data Protection Authority (ANPD). For GDPR, it is the supervisory authority of each EU member state, coordinated through the European Data Protection Board. For CCPA, enforcement lies with the Attorney General of the State of California and, since the CPRA amendments, the California Privacy Protection Agency.
As discussed in the previous sections, each law is tied to its own jurisdiction, but scope is determined by whose data you process, not only by where your company is based. If your company handles data of California residents or of individuals in Brazil, you need to be fully aware of CCPA and LGPD, respectively. If your company offers goods or services to, or monitors the behavior of, people in the European Union, GDPR applies even if you have no presence there.
In practice, this is simpler than it sounds. Since LGPD is modeled on GDPR, it is comparatively easy to align with both. Given that all three are built on the principles of transparency and consent, the three steps below cover the core obligations that apply to your website under all of them; they are a baseline, not a substitute for reviewing each law's specific requirements.
One thing LGPD, GDPR, and CCPA have in common is their emphasis on transparency and consent, which underpin the entire law.
What does this mean in practice?
Every user needs to know that their data is being collected and for what purpose your company will process it. This information must be explicit and easy to find. Knowing this, the user needs to agree, and under GDPR and LGPD that agreement must be freely given, specific, informed, and unambiguous: a pre-ticked box or continued browsing does not count. This is transparency and consent.
If the user does not agree to data processing, they must be able to say so clearly and directly, and refusing must be as easy as accepting. Your company should respect this choice without pressuring the user to provide data and without degrading the service as a penalty for refusing.
However, collecting, recording, and honoring these choices by hand would make operations complex for any company. To streamline this, we move on to the second step.
A cookie banner is a text notice, similar to the one you saw when entering this blog. It informs the user that the site collects data, explains the purpose of each category of collection, and requests the user's consent. Until consent is given, the site must not set any cookie or load any tag that is not strictly necessary for the service to work.
Most importantly, the banner records the outcome. A proper consent record stores which categories the user accepted or refused, when, and under which version of the privacy notice, so the company can demonstrate what the user agreed to, which is crucial for legal compliance. Through the banner, the user can choose exactly which categories to allow, or refuse everything except the strictly necessary ones. And that is perfectly fine.
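The following is an added example, not code from the original page or from any consent-management product: a minimal consent record as a cookie banner might write it, with default-deny gating of tags, revocation, and re-prompting when the privacy notice changes. The cookie name, the category names, the policy version number, and the 180-day retention are assumptions made for illustration.

```javascript
// Added example (not the page's own code). Names and values below are assumptions.
const CONSENT_COOKIE = "site_consent";     // assumed cookie name
const CURRENT_POLICY_VERSION = 3;          // bump whenever the privacy notice changes
const CATEGORIES = ["necessary", "analytics", "marketing"]; // assumed category set

// Build a consent record from the banner's choices. "necessary" is always allowed,
// unknown categories are dropped, and every other category defaults to false.
function recordConsent(choices, now = Date.now()) {
  const granted = {};
  for (const c of CATEGORIES) {
    granted[c] = c === "necessary" ? true : Boolean(choices[c]);
  }
  return { version: CURRENT_POLICY_VERSION, ts: now, granted };
}

// Serialize the record as a Set-Cookie value. Non-essential cookies and tags must
// not be set before this record exists and grants their category.
function toCookieHeader(record, maxAgeSeconds = 180 * 24 * 3600) {
  const value = encodeURIComponent(JSON.stringify(record));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeSeconds}; Path=/; Secure; SameSite=Lax`;
}

// Parse a request's Cookie header back into a record. Returns null when the cookie
// is absent, malformed, or was written under an older policy version, in which case
// the user must be asked again.
function parseConsentCookie(cookieHeader) {
  if (!cookieHeader) return null;
  for (const part of cookieHeader.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try {
      const rec = JSON.parse(decodeURIComponent(rest.join("=")));
      if (rec.version !== CURRENT_POLICY_VERSION || typeof rec.granted !== "object") {
        return null;
      }
      return rec;
    } catch (e) {
      return null; // malformed cookie: treat as no consent
    }
  }
  return null;
}

// Default deny: a tag may fire only if a valid record explicitly grants its category.
function mayFire(record, category) {
  if (category === "necessary") return true;
  return record !== null && record.granted[category] === true;
}

// Withdrawal: the user can revoke a category at any time. The result is a new record
// (new timestamp) so the history of what was agreed to stays demonstrable.
function revokeConsent(record, category, now = Date.now()) {
  const granted = { ...record.granted };
  if (category !== "necessary") granted[category] = false;
  return { version: record.version, ts: now, granted };
}

module.exports = { recordConsent, toCookieHeader, parseConsentCookie, mayFire, revokeConsent };
```

The design choices that matter are the two failure modes: anything that is not an explicit, current grant is treated as a refusal, and a record written under an earlier notice version is discarded rather than silently reused, since the user agreed to something else.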
To keep this operation running smoothly, the laws call for someone to be accountable for it. Under LGPD, every controller must appoint a person in charge of personal data processing (the "encarregado", usually called the DPO), subject to the exemptions the ANPD has defined for small processing agents. Under GDPR, a Data Protection Officer is mandatory only in specific cases, such as public authorities or organizations whose core activities involve large-scale monitoring or large-scale processing of special-category data, though many companies appoint one voluntarily. CCPA does not require a DPO. Appointing one is the third step.
DPO stands for Data Protection Officer. Your company can outsource this service or select an internal employee for the role, provided the person has the necessary expertise and independence.
The DPO advises on and monitors the company's data protection policy and acts as the liaison between the company, data subjects, and the data protection authority; legal responsibility for compliance stays with the company itself. In the case of LGPD, that authority is the ANPD; for GDPR, it is the relevant member-state supervisory authority. Under CCPA, enforcement contact is with the Attorney General of California and the California Privacy Protection Agency, even though no DPO is required.
With these best practices in place, your company has a defensible baseline in this ever-changing landscape and ongoing debate on data usage.
© GO ADOPT, LLC since 2020 • Made by people who love🍪