There are significant differences between the version of the CCPA that was first proposed as a ballot initiative in 2017 and the version of the CCPA that was ultimately passed by the state legislature in 2018. In general, the version passed by the legislature conferred greater data privacy protections, but imposed weaker penalties for non compliance. The following chart compares the ballot initiative and the final legislative version against the requirements of the European General Data Protection Regulation (“GDPR”) as a common baseline. It is important to note that other California laws overlap with the GDPR as well. For example, while the final version of the CCPA did not include a data breach notification requirement (as noted below), California has a separate, pre- existing, data breach notification law.
Please see full publication below for more information.