GDPR and CCPA

If your business is required to comply with both the GDPR and the California Consumer Privacy Act (CCPA), you can use some of the work from your GDPR compliance program for the CCPA. Although the regulations have some similarities, a few differences include:

  • The definition of personal information differs for each regulation.
  • The GDPR requires consumers to opt in before their personal data may be used for certain purposes; CCPA provides consumers with the right to opt out.
  • The CCPA has additional data inventory and mapping requirements.
  • The regulations have different privacy policy requirements.

Businesses that comply with GDPR might have additional obligations under the CCPA. To learn more, see the CCPA Fact Sheet.

Best practices

  • Examine the current privacy policies for all of your stores to ensure that they align with any applicable legal requirements (including, but not limited to GDPR and CCPA).

  • Update your Google settings and ensure that they align with your legal obligations regarding the use of personal data.

  • Maintain transparency and keep thorough documentation.

  • To learn how Adobe helps merchants comply with applicable legal obligations, visit the website.

  • For data flow diagrams and database entity mapping, see the Personal Information Reference.

Previous pageCCPA compliance
Next pageCookie law compliance