CCPA and GDPR Are Only the First Steps in the Privacy Revolution

Where We Began: A Brief Recap of CCPA and GDPR

CCPA and GDPR continue to be big, scary buzz words in the information governance space, but what do they really mean? In short, CCPA is the first major legislative action taken in the US to secure data privacy for consumers. GDPR is a larger, sweeping regulation passed for all EU member countries. Both seek to return control of data privacy to consumers.

There are differences between the two pieces of legislation, with GDPR obviously being broader and more stringent as it affects a much wider swath of data producers, processors, and users. GDPR affects all online data gatherers while CCPA only affects businesses with revenue in excess of $25 million. GDPR is comprehensive, and while there are sure to be adjustments made along the way, it is more rigidly in place than the CCPA, which may be augmented as soon as 2020.

That's a very rudimentary summary of what's happened so far. But that doesn't mean it's over. No, it appears that the data privacy revolution is just beginning.

Taking It to the Next Level

While CCPA and GDPR are definitely nothing to ignore, they're only first steps in what's sure to be a very long process of creating and passing privacy protection legislation. Many states are beginning to follow California's suit, submitting regulations of their own, and I would wager that it won't be long before we see some level of national legislation that sets a baseline for state legislation to meet.

At the same time, some tech companies are already starting to push back against these regulations, with some viewing the response of these companies to CCPA as taking the teeth out of the resolution. Technology is also constantly evolving, obviously, so there may come a time when there are data regulations needed that we can't even fathom at the moment. Facebook just announced a virtual world of VR-- there will almost certainly need to be some kind of regulation on that, for example.


While there are a lot of takeaways from CCPA and GDPR, they're only the foundation of what's sure to be a robust, variable landscape of data privacy regulation. These types of legislation were inevitable (and probably overdue, to be honest), and more are sure to come. The best thing you can do is to educate yourself and stay up to date to make sure your business stays in compliance, because the legislation is coming, and you'd better be ready!

Tucker Partridge is a graduate of the University of Arkansas, and a newly minted Bay Area resident. He is a professional marketing associate, a semi-professional comedian, and an amateur trivia enthusiast.