CCPA vs. GDPR
California Consumer Privacy Act in comparison
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
TL;DR
The CCPA and its successor CPRA apply to companies processing data of California consumers. Thresholds: USD 25 million in revenue or 100k+ California consumers.
What is CCPA vs. GDPR?
Differences:
- GDPR: all EU citizens, all processing activities. CCPA: California only, commercial only.
- GDPR: opt-in for marketing. CCPA: opt-out is sufficient.
- GDPR: fines of EUR 20 million / 4%. CCPA: max. USD 7,500 per violation.
Practical example
An EU SaaS provider with US customers in California must comply with GDPR and CCPA, and potentially with additional US state laws (CO, VA, CT, UT).
Frequently asked questions
Which applies to DACH-region companies?
GDPR always. CCPA applies if California end customers are addressed and thresholds are met.
Recommendation?
Use GDPR as the baseline standard, with CCPA add-ons per US customer case.