Are the EU GDPR and the California CCPA Becoming the De facto Global Standards for Data Privacy and Protection?
General Data Protection Rule (GDPR) is designed to protect the personal data of an estimated 508 million people in the EU. The GDPR imposes new requirements on organizations that process personal data and are established in the EU and, in some cases, organizations that are established exclusively outside the EU. The California Consumer Privacy Act (CCPA), set to go into effect January 1, 2020, is intended to protect 39.5 million California residents and is broadly applicable to American companies. The GDPR and CCPA are becoming the de facto global standards for data privacy and protection because of the sheer volume of citizens protected and the wide applicability of the laws to companies. This article addresses common elements between these two laws and the origins of data privacy that in an era of globalization are likely to drive common behaviors among organizations globally.